Impact
The vulnerability lies in the recipe CLI command that extracts .praison tar archives. Before version 4.5.128, the extraction logic calls tar.extract() on every archive member without sanitizing member paths, that is, without checking that each member's resolved destination stays inside the intended output directory. An archive whose entries contain "../../" components therefore causes files to be written outside that directory, so an attacker who can supply a malicious bundle can overwrite any file the extracting user is allowed to write. The weakness is a classic path traversal (CWE-22). The primary impact is replacement of configuration files or binaries, which can lead to privilege escalation or denial of service.
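The following is an added example, not code from PraisonAI or from the advisory: it models the extraction pattern described above (tar.extract() on each member with no path check) beside a hardened unpacker, and runs both against a constructed .praison-style bundle containing a "../" member. All function names are hypothetical, the bundle is built in memory for the demonstration, and the traversal target is placed one level above the output directory inside a temporary sandbox so the demo never writes outside it.

```python
import io
import os
import tarfile
import tempfile


def build_malicious_bundle() -> bytes:
    """Constructed sample .praison-style tar: one benign member and one
    traversal member whose name climbs out of the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("recipe.yaml", b"name: demo\n"),
                           ("../escaped.txt", b"written outside out_dir\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _inside(base: str, target: str) -> bool:
    """True when target resolves to base itself or somewhere below it."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def find_traversal_members(bundle: bytes, out_dir: str) -> list:
    """Pre-flight check: names of members whose file, symlink or hardlink
    target would land outside out_dir. An empty list means no escape."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r") as tar:
        for m in tar.getmembers():
            dest = os.path.join(out_dir, m.name)  # absolute m.name replaces out_dir here
            if os.path.isabs(m.name) or not _inside(out_dir, dest):
                bad.append(m.name)
            elif m.issym() and not _inside(out_dir, os.path.join(os.path.dirname(dest), m.linkname)):
                bad.append(m.name)  # symlink target is relative to the link's directory
            elif m.islnk() and not _inside(out_dir, os.path.join(out_dir, m.linkname)):
                bad.append(m.name)  # hardlink target is relative to the archive root
    return bad


def unsafe_unpack(bundle: bytes, out_dir: str) -> list:
    """Models the pre-4.5.128 pattern: tar.extract() on every member with no
    path check. Returns the real paths that ended up on disk."""
    # Python 3.12+ (and patched 3.8-3.11) add a `filter` argument; "fully_trusted"
    # reproduces the historic behaviour so the escape is visible on any version.
    kwargs = {"filter": "fully_trusted"} if hasattr(tarfile, "data_filter") else {}
    written = []
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r") as tar:
        for m in tar.getmembers():
            tar.extract(m, path=out_dir, **kwargs)
            written.append(os.path.realpath(os.path.join(out_dir, m.name)))
    return written


def safe_unpack(bundle: bytes, out_dir: str) -> list:
    """Hardened unpacker: refuse the whole bundle if any member escapes, and
    additionally let the stdlib 'data' filter enforce it where available."""
    bad = find_traversal_members(bundle, out_dir)
    if bad:
        raise ValueError(f"refusing bundle with traversal members: {bad}")
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r") as tar:
        tar.extractall(path=out_dir, **kwargs)
        return [m.name for m in tar.getmembers()]


def demo() -> dict:
    """Run both unpackers against the constructed bundle inside a temp sandbox.
    The traversal member targets sandbox/escaped.txt, the parent of out_dir."""
    sandbox = tempfile.mkdtemp()
    out_dir = os.path.join(sandbox, "out")
    os.mkdir(out_dir)
    bundle = build_malicious_bundle()
    escaped = os.path.realpath(os.path.join(sandbox, "escaped.txt"))

    unsafe_unpack(bundle, out_dir)
    escaped_by_unsafe = os.path.isfile(escaped)
    if escaped_by_unsafe:
        os.remove(escaped)

    try:
        safe_unpack(bundle, out_dir)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "flagged": find_traversal_members(bundle, out_dir),
        "unsafe_wrote_outside": escaped_by_unsafe,
        "safe_rejected": rejected,
        "escaped_after_safe": os.path.exists(escaped),
    }


if __name__ == "__main__":
    print(demo())
```

The pre-flight scan is the check to run before trusting any bundle: it resolves every destination with realpath and compares against the output directory with commonpath, which also catches absolute member names and link targets, not just literal "../" segments. On Python versions that ship the tarfile extraction filters, passing filter="data" is a second, independent guard; on older versions the explicit check is the only one.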
Affected Systems
The affected product is MervinPraison PraisonAI. All releases prior to 4.5.128 are vulnerable. No specific sub-components are listed, but any instance that invokes the recipe unpack command on an untrusted bundle is at risk.
Risk and Exploitability
The CVSS base score is 9.4, which falls in the Critical band (9.0 to 10.0) of the CVSS scale. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to require the victim to run the "praisonai recipe unpack" command against a crafted .praison bundle; the attacker need only deliver the bundle and wait for a user or an automated pipeline to unpack it. Once unpacked, the archive can overwrite any file the running user has write access to, which is a pathway to further compromise. The lack of a publicly demonstrated exploit and the absence of EPSS data suggest moderate exploitation likelihood, but the Critical CVSS score and the breadth of what an unpack can overwrite keep the overall risk elevated.
OpenCVE Enrichment
Github GHSA