CVE-2025-10854
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-09-22
Assigner: JFrog
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| neuml | txtai | 9.0.0 |
| neuml | txtai | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the txtai framework involves loading compressed tar files as embedding indices. Although there is a validate function intended to prevent path traversal by checking filenames, it does not handle symbolic links within the tar files. An attacker can exploit this by crafting a malicious tar file containing symbolic links, which allows arbitrary file writes anywhere on the filesystem when txtai loads these untrusted embedding indices. [2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to write files anywhere on your filesystem without authorization when loading untrusted embedding indices with txtai. This arbitrary file write capability can lead to system compromise, data corruption, or unauthorized code execution, posing a significant security risk. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying the use of untrusted compressed tar files loaded as embedding indices by the txtai framework, especially those containing symbolic links. Since the vulnerability exploits symbolic links within tar files, you can inspect tar files before loading them using commands like 'tar -tvf <file.tar>' to list contents and check for symbolic links (indicated by 'l' in the file permissions). Additionally, monitoring logs or application behavior for unexpected file writes during txtai Embeddings.load() operations may help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
As of the last update, no official mitigations have been provided. However, immediate steps include avoiding loading untrusted or unaudited compressed tar files as embedding indices in txtai. You can also manually inspect tar files for symbolic links before loading them. Upgrading to a version of txtai that incorporates enhanced tar extraction security measures, such as rejecting files with symbolic links during extraction (as described in Python 3.9+ tarfile module improvements), would mitigate the risk once available. [1, 2]