PT-2025-50957 · Unknown · Weaviate Oss

Soohyun · Published 2025-12-12 · Updated 2026-01-06 · CVE-2025-67818

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Weaviate OSS versions prior to 1.33.4

Description

An attacker who can insert data into the database can create an entry name containing an absolute path (for example, /etc/...) or utilize parent directory traversal (../../..) to bypass the restore root during a backup restoration. This could lead to the creation or overwriting of files in arbitrary locations within the application's permissions.

Recommendations

Update to version 1.33.4 or later.
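
The containment check that the description implies a restore routine needs, as an added Go example; it is not Weaviate's code or the actual fix. The helper name `resolveEntry`, the error `ErrUnsafeEntry`, the root `/var/lib/restore` and the entry names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeEntry marks an entry name that would land outside the restore root.
var ErrUnsafeEntry = errors.New("entry escapes restore root")

// resolveEntry (hypothetical helper) maps a backup entry name to a path under
// root, rejecting absolute names and names that climb out with "..".
// Symlinks already present under root are not resolved here.
func resolveEntry(root, name string) (string, error) {
	// filepath.Join would silently rebase "/etc/x" under root; reject instead
	// so a tampered backup is surfaced rather than quietly accepted.
	if name == "" || filepath.IsAbs(name) {
		return "", fmt.Errorf("%w: %q", ErrUnsafeEntry, name)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absRoot, name) // Join also cleans "a/../b"
	rel, err := filepath.Rel(absRoot, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrUnsafeEntry, name)
	}
	return target, nil
}

func main() {
	// Constructed entry names, not taken from a real backup.
	names := []string{"Article/shard0/segment.db", "/etc/cron.d/job",
		"../../../tmp/out", "Article/../../outside", "Article/./a/../b"}
	for _, n := range names {
		p, err := resolveEntry("/var/lib/restore", n)
		if err != nil {
			fmt.Println("REJECT", err)
			continue
		}
		fmt.Println("OK    ", n, "->", p)
	}
}
```

Running the check on every entry before any file is opened for writing means a single rejected name can abort the restore without leaving partial output.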

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-67818
GHSA-7V39-2HX7-7C43
GO-2025-4237
SUSE-SU-2026:0037-1

Affected Products

Weaviate Oss