CNNVD-202512-3794 Information

CNNVD ID

CNNVD-202512-3794

CVE-2025-68430

  • CNNVD Published: 2025-12-19

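Description (Chinese, translated)

CVAT.ai CVAT is an open-source data processing tool from CVAT.ai. CVAT.ai CVAT versions 2.8.1 through 2.52.0 contain a security vulnerability. It stems from an attacker being able to retrieve the contents of any file system directory accessible to the CVAT server, which may lead to information disclosure.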

Description (English)

CVAT.ai CVAT is an open-source data processing tool from CVAT.ai. Versions 2.8.1 through 2.52.0 of CVAT.ai CVAT contain a security vulnerability: an attacker can retrieve the contents of any file system directory accessible to the CVAT server, which may lead to information disclosure.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

CVAT.ai

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/cvat-ai/cvat/commit/2c24ef0c3f8fd94f6c71cff4eafcf11bfcaa5f91

https://github.com/cvat-ai/cvat/security/advisories/GHSA-3g7v-xjh7-xmqx

https://access.redhat.com/security/cve/cve-2025-68430

Patch

https://github.com/cvat-ai/cvat/releases
