ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 05 Oct 2025 09:15:00 +0000

Type Values Removed Values Added
Description ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Title Path Traversal in zenml-io/zenml
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2025-10-05T09:00:36.838Z

Reserved: 2025-07-31T06:59:58.714Z

Link: CVE-2025-8406

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-05T09:15:31.767

Modified: 2025-10-05T09:15:31.767

Link: CVE-2025-8406

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.