CVE-2025-8406

Name of the Vulnerable Software and Affected Versions ZenML version 0.83.1

Description The software contains a path traversal issue in the PathMaterializer class. The load function uses is path within directory to validate files during data.tar.gz extraction, which does not properly detect symbolic and hard links. This can allow for arbitrary file writes, potentially leading to arbitrary command execution if critical files are overwritten.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.