CNNVD-202511-865 Information

CNNVD ID

CNNVD-202511-865

CVE-2025-64485

  • CNNVD Published: 2025-11-08

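Description (translated from Chinese)

CVAT.ai CVAT is an open-source data processing tool from CVAT.ai. CVAT.ai CVAT versions 2.4.0 through 2.48.1 contain a path traversal vulnerability. It stems from the fact that a malicious user can create or overwrite files in the root directory of the mounted file share, which may lead to disk space exhaustion.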

Description (English)

CVAT.ai CVAT is an open source data-processing tool from CVAT.ai. CVAT.ai CVAT versions 2.4.0 to 2.48.1 have a path traversal vulnerability, which stems from the fact that malicious users can create or overwrite files in the root directory of the mounted file share, and which may lead to disk space exhaustion.

Hazard Level

High

Vulnerability Type

Path Traversal

Affected Vendor

CVAT.ai

Published

2025-11-08

Last Modified

2026-02-24

References

  • https://github.com/cvat-ai/cvat/commit/cace877189528a7ed4a224476f4bc0bd5a21d40c
  • https://github.com/cvat-ai/cvat/security/advisories/GHSA-x396-w86c-gf6w
  • https://access.redhat.com/security/cve/cve-2025-64485

Patch

https://github.com/cvat-ai/cvat/releases
