Vulnerability Description
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
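As an added, defender-side illustration (not ZenML's own code, whose internals this page does not show), the Python below demonstrates why a name-based containment check such as `is_path_within_directory` is not enough during tar extraction, and a check that additionally rejects symbolic and hard link members before anything is written; the function names, the destination path and the sample archive are assumptions constructed for the example. On Python 3.12 and later, `tarfile`'s `extractall(..., filter="data")` applies comparable built-in restrictions.

```python
import io
import os
import tarfile


def is_path_within_directory(directory: str, target: str) -> bool:
    """Name-based containment check: does the resolved target stay inside directory?"""
    abs_dir = os.path.realpath(directory)
    return os.path.commonpath([abs_dir, os.path.realpath(target)]) == abs_dir


def unsafe_members(archive: bytes, dest: str) -> list[str]:
    """Return the sorted names of members that must not be extracted into dest."""
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for m in tar.getmembers():
            if not is_path_within_directory(dest, os.path.join(dest, m.name)):
                rejected.append(m.name)  # classic ../ traversal in the member name
            elif m.issym() or m.islnk():
                # The gap: a link's own name sits inside dest, so the check above
                # passes, yet its target may not, and a later member written to
                # that name goes through the link. Reject links instead.
                rejected.append(m.name)
            elif not (m.isfile() or m.isdir()):
                rejected.append(m.name)  # devices and fifos are never wanted here
    return sorted(rejected)


def safe_extract(archive: bytes, dest: str) -> list[str]:
    """Extract only if every member passes; return the extracted member names."""
    if bad := unsafe_members(archive, dest):
        raise ValueError(f"refusing unsafe members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


def build_sample_archive() -> bytes:
    """Constructed data.tar.gz: a benign file plus symlink, hard link and traversal entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        ok = tarfile.TarInfo("data/ok.txt")
        ok.size = 5
        tar.addfile(ok, io.BytesIO(b"hello"))
        for name, kind in (("data/sym", tarfile.SYMTYPE), ("data/hard", tarfile.LNKTYPE)):
            link = tarfile.TarInfo(name)
            link.type, link.linkname = kind, "../../outside"  # constructed target
            tar.addfile(link)
        tar.addfile(tarfile.TarInfo("../trav.txt"), io.BytesIO(b""))
    return buf.getvalue()
```

The two link members pass the containment test on their names alone; only the explicit link check catches them.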
CVSS Score
HIGH (CVSS base score 7.8)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zenml | Zenml | >= 0.83.1, < 0.84.2 |
Related Weaknesses (CWE)
References
- https://github.com/zenml-io/zenml/commit/5d22a48d7bf6c7f10b748577c2be79cc7969d39 (Patch)
- https://huntr.com/bounties/a0880d64-9928-45bf-9663-2cd81582d9e7 (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-8406?
CVE-2025-8406 is a vulnerability with a CVSS score of 7.8 (HIGH). ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extractio...
How severe is CVE-2025-8406?
CVE-2025-8406 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8406?
Check the references section above for vendor advisories and patch information. Affected products include: Zenml Zenml.