CNNVD-202512-2331 Information
Dec 12, 2025
cve
CNNVD ID
CNNVD-202512-2331
Related CVE
- CNNVD Published: 2025-12-12
Description (Chinese)
Weaviate是Weaviate开源的一个开源矢量数据库。 Weaviate 1.33.4之前版本存在安全漏洞,该漏洞源于攻击者可利用绝对路径或目录遍历在备份恢复时逃逸根目录,可能导致任意文件创建或覆盖。
Description (English)
Weaviate is an open-source vector database of the Weaviate open source. The security loophole in the pre-Weaviate 1.33.4 version stems from the fact that the assailant can run through the escape directory when the backup is restored, using an absolute path or directory, which could lead to the creation or overwhelming of any file.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Weaviate
Published
2025-12-12
Last Modified
2026-02-24
References
https://github.com/weaviate/weaviate https://weaviate.io/blog/weaviate-security-release-november-2025
Patch
https://github.com/weaviate/weaviate/releases
Share on: