PT-2025-45521 · Intel · Cvat
Published: 2025-11-07 · Updated: 2025-11-08 · CVE-2025-64485
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
CVAT versions 2.4.0 through 2.48.1
Description
CVAT is an interactive video and image annotation tool for computer vision. A user with the User global role can potentially create or overwrite files in the root of a mounted file share. If a file share is not mounted, files can be created in the import worker container's share directory, potentially consuming disk space.
Recommendations
Update to version 2.49.0 or later.
Exploit
Fix
Path traversal
Affected Products
Cvat