CVE-2025-8406 🟡 Medium

CVE-2025-8406: Path Traversal Vulnerability in ZenML

ZenML version 0.83.1 contains a path traversal vulnerability in the 'PathMaterializer' class. This flaw can lead to arbitrary file writes.

CVE ID: CVE-2025-8406
CVSS Score: 6.3
Vendor: unknown
Published: Oct 05

ZenML version 0.83.1 is affected by a path traversal vulnerability in the 'PathMaterializer' class. The 'load' function relies on 'is_path_within_directory' to validate files while extracting 'data.tar.gz', but that check fails to effectively detect symbolic links and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
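The sketch below is an added example, not ZenML's code or its fix. It shows a pre-extraction check that rejects link members outright instead of relying on a path comparison alone. The function names `build_sample_archive` and `classify_members` are hypothetical, and the archive is constructed in memory for the demonstration.

```python
import io
import os
import tarfile


def build_sample_archive() -> bytes:
    """Constructed test archive: one regular file plus members a validator must reject."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"ok\n"
        regular = tarfile.TarInfo("model/weights.txt")
        regular.size = len(data)
        tar.addfile(regular, io.BytesIO(data))

        sym = tarfile.TarInfo("model/link")      # symbolic link member
        sym.type = tarfile.SYMTYPE
        sym.linkname = "../../outside"
        tar.addfile(sym)

        hard = tarfile.TarInfo("model/hard")     # hard link member
        hard.type = tarfile.LNKTYPE
        hard.linkname = "model/weights.txt"
        tar.addfile(hard)

        dotdot = tarfile.TarInfo("../escape.txt")  # plain ".." traversal
        dotdot.size = len(data)
        tar.addfile(dotdot, io.BytesIO(data))
    return buf.getvalue()


def classify_members(archive: bytes, dest: str):
    """Return (accepted, rejected); rejected maps member name -> reason."""
    root = os.path.realpath(dest)
    accepted, rejected = [], {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for m in tar:
            target = os.path.realpath(os.path.join(root, m.name))
            # A link's own name can sit inside dest while its target does not,
            # so a name-only path check passes it. Reject links by type.
            if m.issym() or m.islnk():
                rejected[m.name] = "link member"
            elif not (m.isfile() or m.isdir()):
                rejected[m.name] = "special file"
            elif os.path.commonpath([root, target]) != root:
                rejected[m.name] = "path escapes destination"
            else:
                accepted.append(m.name)
    return accepted, rejected
```

Only the names in `accepted` should be passed on to extraction. An archive with any rejected member can also be refused as a whole.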

Vulnerability Details

CVE ID: CVE-2025-8406
Severity: Medium
CVSS v3 Score: 6.3 / 10.0
Affected Vendor: unknown
Publication Date: October 05, 2025
