ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-32453 ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Github GHSA Github GHSA GHSA-q92x-2x5g-h365 ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 30 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Zenml
Zenml zenml
CPEs cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*
Vendors & Products Zenml
Zenml zenml
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Mon, 06 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Zenmlio
Zenmlio zenml
Vendors & Products Zenmlio
Zenmlio zenml

Sun, 05 Oct 2025 09:15:00 +0000

Type Values Removed Values Added
Description ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Title Path Traversal in zenml-io/zenml
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2025-10-06T14:16:06.622Z

Reserved: 2025-07-31T06:59:58.714Z

Link: CVE-2025-8406

cve-icon Vulnrichment

Updated: 2025-10-06T14:11:56.477Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-05T09:15:31.767

Modified: 2025-10-30T14:08:25.080

Link: CVE-2025-8406

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-06T14:40:10Z