A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.
CVE-2025-8917: Path Traversal Vulnerability in ClearML
A vulnerability in allegroai ClearML v2.0.1 allows path traversal through improper symbolic link handling, leading to possible remote code execution.
Vulnerability Details
- CVE ID: CVE-2025-8917
- Severity: Medium
- CVSS v3 Score: 5.8 / 10.0
- Affected Vendor: unknown
- Publication Date: October 05, 2025