CNNVD-202512-2330 Information

CNNVD ID

CNNVD-202512-2330

Related CVE

CVE-2025-67819

• CNNVD Published: 2025-12-12

Description (Chinese)

Weaviate是Weaviate开源的一个开源矢量数据库。 Weaviate 1.33.4之前版本存在安全漏洞，该漏洞源于传输逻辑中未验证fileName字段，可能导致读取服务进程可访问的任意文件。

Description (English)

Weaviate is an open-source vector database of the Weaviate open source. There is a security loophole in the pre-Weaviate 1.33.4 version, which stems from the failure to validate the file name field in the transmission logic, which may lead to the reading of any file that the service process can access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Weaviate

Published

2025-12-12

Last Modified

2026-02-24

References

https://github.com/weaviate/weaviate https://weaviate.io/blog/weaviate-security-release-november-2025

Patch

https://github.com/weaviate/weaviate/releases