Vulnerability Description
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files there. If no file share is mounted, the user can instead create files in the share directory inside the import worker container, potentially filling up that container's disk space. This issue is fixed in version 2.49.0.
Related Weaknesses (CWE)
References
- https://github.com/cvat-ai/cvat/commit/cace877189528a7ed4a224476f4bc0bd5a21d40c
- https://github.com/cvat-ai/cvat/security/advisories/GHSA-x396-w86c-gf6w
FAQ
What is CVE-2025-64485?
CVE-2025-64485 is a documented vulnerability. CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in t...
How severe is CVE-2025-64485?
CVSS scoring is not yet available for CVE-2025-64485. Check NVD for updates.
Is there a patch for CVE-2025-64485?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.