Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-32453 | ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten. |
Github GHSA |
GHSA-q92x-2x5g-h365 | ZenML is vulnerable to Path Traversal through its `PathMaterializer` class |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 30 Oct 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zenml
Zenml zenml |
|
| CPEs | cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zenml
Zenml zenml |
|
| Metrics |
cvssV3_1
|
Mon, 06 Oct 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 06 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zenmlio
Zenmlio zenml |
|
| Vendors & Products |
Zenmlio
Zenmlio zenml |
Sun, 05 Oct 2025 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten. | |
| Title | Path Traversal in zenml-io/zenml | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: @huntr_ai
Published:
Updated: 2025-10-06T14:16:06.622Z
Reserved: 2025-07-31T06:59:58.714Z
Link: CVE-2025-8406
Updated: 2025-10-06T14:11:56.477Z
Status : Analyzed
Published: 2025-10-05T09:15:31.767
Modified: 2025-10-30T14:08:25.080
Link: CVE-2025-8406
No data.
OpenCVE Enrichment
Updated: 2025-10-06T14:40:10Z
EUVD
Github GHSA