PT-2025-50958 · Weaviate · Weaviate Oss
Published 2025-12-12 · Updated 2026-01-06 · CVE-2025-67819
CVSS v3.1
4.9 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Weaviate OSS versions prior to 1.33.4
Description
A flaw exists in Weaviate OSS that allows an attacker to read arbitrary files accessible to the service process. This occurs because of insufficient validation of the fileName field during file transfer operations. Specifically, an attacker who can call the GetFile method while a shard is paused and the FileReplicationService is reachable can exploit this issue.
Recommendations
Update Weaviate OSS to version 1.33.4 or later.
Fix
Path traversal
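The kind of fileName validation whose absence the description refers to, shown as an added example; it is not Weaviate's code or its actual fix. The names `resolveShardFile`, `within` and `ErrOutsideRoot`, and the idea of a single shard root directory, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested name does not stay inside the root.
var ErrOutsideRoot = errors.New("fileName escapes the shard directory")
// within reports whether p lies strictly below root (both cleaned the same way).
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != "." && rel != ".." &&
		!strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveShardFile (hypothetical helper) maps an untrusted fileName to a regular file
// under shardRoot (assumed absolute); it rejects absolute, ".." and symlink escapes.
func resolveShardFile(shardRoot, fileName string) (string, error) {
	if fileName == "" || strings.ContainsRune(fileName, 0) || filepath.IsAbs(fileName) {
		return "", fmt.Errorf("%w: %q", ErrOutsideRoot, fileName)
	}
	root, err := filepath.EvalSymlinks(shardRoot)
	if err != nil {
		return "", err
	}
	// Join cleans the path, so "a/../../x" collapses before the lexical check.
	candidate := filepath.Join(root, fileName)
	if !within(root, candidate) {
		return "", fmt.Errorf("%w: %q", ErrOutsideRoot, fileName)
	}
	// Resolve symlinks and re-check: a link inside the root must not point outside it.
	resolved, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if info, err := os.Stat(resolved); err != nil || !info.Mode().IsRegular() || !within(root, resolved) {
		return "", fmt.Errorf("%w: %q", ErrOutsideRoot, fileName)
	}
	return resolved, nil
}

func main() {
	_, err := resolveShardFile(os.TempDir(), "../../outside.txt") // constructed input
	fmt.Println("traversal rejected:", errors.Is(err, ErrOutsideRoot))
}
```

A check like this still leaves a window between validation and open; opening the file relative to a directory handle for the root closes that gap where the platform supports it.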
Affected Products
Weaviate Oss