CVE-2025-67818

Publication date: 2025-12-12

Last updated on: 2025-12-19

Assigner: MITRE

Description
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.
Meta Information
Published: 2025-12-12
Last Modified: 2025-12-19
Generated: 2026-05-07
AI Q&A: 2025-12-13
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: weaviate
Product: weaviate
Version / Range: to 1.33.4 (exc)
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Upgrade Weaviate OSS to version 1.33.4 or later to fix the vulnerability that allows path traversal during backup restore operations. Additionally, restrict or monitor access to database insert operations to trusted users only, as the vulnerability requires the attacker to have insert access.


Can you explain this vulnerability to me?

This vulnerability exists in Weaviate OSS before version 1.33.4, where an attacker who can insert data into the database can craft an entry name using an absolute path or directory traversal sequences. This allows the attacker to escape the intended restore directory during a backup restore operation, potentially creating or overwriting files anywhere within the application's privilege scope.
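
A containment check of the kind this bug class (CWE-22) calls for, as an added example that is not Weaviate's code or its actual fix. `resolveInRoot` and `auditEntries` are hypothetical helpers, and the restore root and entry names are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errEscapesRoot = errors.New("entry name escapes restore root")

// resolveInRoot maps an untrusted backup entry name to a path strictly below
// root, or returns errEscapesRoot. Hypothetical helper, not Weaviate's code.
// The check is lexical: it does not follow symlinks inside root.
func resolveInRoot(root, name string) (string, error) {
	// Absolute names are rejected outright, never re-rooted.
	if name == "" || filepath.IsAbs(name) || strings.HasPrefix(name, "/") {
		return "", errEscapesRoot
	}
	cleanRoot := filepath.Clean(root)
	// Join cleans the result, so "a/../../x" collapses before the comparison.
	target := filepath.Join(cleanRoot, name)
	rel, err := filepath.Rel(cleanRoot, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesRoot
	}
	return target, nil
}

// auditEntries returns the entry names that resolveInRoot would refuse.
func auditEntries(root string, names []string) []string {
	var bad []string
	for _, n := range names {
		if _, err := resolveInRoot(root, n); err != nil {
			bad = append(bad, n)
		}
	}
	return bad
}

func main() {
	// Constructed entry names and restore root, for illustration only.
	names := []string{"classes/Article/shard1.db", "a/../b.db", "..data/seg.db",
		"/etc/example.conf", "../../outside.txt", "a/../../outside.txt"}
	fmt.Println(auditEntries("/var/lib/restore", names))
}
```

Names such as `..data/seg.db` are accepted because only a leading `..` path component escapes the root; a substring match on `..` would reject them wrongly.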


How can this vulnerability impact me?

The vulnerability can allow an attacker to overwrite or create files in arbitrary locations within the application's privilege scope. This could lead to unauthorized modification of files, potential code execution, data corruption, or disruption of the application’s normal operation.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of CVE-2025-67818 involves checking for unauthorized or suspicious backup restore activities that include absolute paths or directory traversal sequences in object names. Since the vulnerability is exploited by inserting crafted entries with absolute paths or '..' sequences during backup restore, monitoring logs for such patterns is recommended. Additionally, verifying the Weaviate version to ensure it is patched (above 1.33.3) or checking if backup modules are enabled can help. Specific commands are not provided in the resources, but general approaches include searching Weaviate logs for entries containing '/etc/', '../', or similar path traversal patterns, and auditing configuration files for enabled backup modules (e.g., checking 'enabled_modules' for 'backup*' entries). [1]

