CVE-2025-67818
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-12

Last updated on: 2025-12-19

Assigner: MITRE

Description
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67818
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
weaviate weaviate to 1.33.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Upgrade Weaviate OSS to version 1.33.4 or later to fix the vulnerability that allows path traversal during backup restore operations. Additionally, restrict or monitor access to database insert operations to trusted users only, as the vulnerability requires the attacker to have insert access.

Executive Summary

This vulnerability exists in Weaviate OSS before version 1.33.4, where an attacker who can insert data into the database can craft an entry name using an absolute path or directory traversal sequences. This allows the attacker to escape the intended restore directory during a backup restore operation, potentially creating or overwriting files anywhere within the application's privilege scope.

Impact Analysis

The vulnerability can allow an attacker to overwrite or create files in arbitrary locations within the application's privilege scope. This could lead to unauthorized modification of files, potential code execution, data corruption, or disruption of the application’s normal operation.

Detection Guidance

Detection of CVE-2025-67818 involves checking for unauthorized or suspicious backup restore activities that include absolute paths or directory traversal sequences in object names. Since the vulnerability is exploited by inserting crafted entries with absolute paths or '..' sequences during backup restore, monitoring logs for such patterns is recommended. Additionally, verifying the Weaviate version to ensure it is patched (above 1.33.3) or checking if backup modules are enabled can help. Specific commands are not provided in the resources, but general approaches include searching Weaviate logs for entries containing '/etc/', '../', or similar path traversal patterns, and auditing configuration files for enabled backup modules (e.g., checking 'enabled_modules' for 'backup*' entries). [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67818. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart