CVE-2025-8917

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-8917

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8917.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-8917

Aliases

GHSA-579p-qf78-fqm2

Published

2025-10-05T11:16:03.400Z

Modified

2025-11-17T01:27:21.306245Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safe_extract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

References

Affected packages

Git / github.com/clearml/clearml

Affected ranges

Type: GIT
Repo: https://github.com/clearml/clearml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.11.0

0.11.1

0.11.2

0.11.3

0.12.0

0.12.1

0.12.2

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.14.2

0.14.3

0.15.0

0.15.1

0.15.1rc0

0.15.2rc0

0.16.0

0.16.1

0.16.2

0.16.2rc0

0.16.3

0.16.4

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

0.17.5rc3

0.17.5rc5

0.17.5rc6

0.9.0

0.9.1

0.9.2

0.9.3

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.4rc0

1.0.4rc1

1.0.5

1.0.6rc1

1.0.6rc2

1.1.0

1.1.1

1.1.2rc0

1.1.3rc0

1.1.5rc1

1.1.5rc2

Other

untagged-38cec581542f7f989ef9

v0.*

v0.17.5rc2

v0.17.5rc4

v1.*

v1.1.3

v1.1.4

v1.1.4rc0

v1.1.5

v1.1.5rc0

v1.1.5rc3

v1.1.5rc4

v1.1.5rc5

v1.1.5rc6

v1.1.5rc7

v1.1.6

v1.1.6rc0

v1.10.0

v1.10.0_fix

v1.10.1

v1.10.2

v1.10.3

v1.11.0

v1.11.1

v1.11.1rc0

v1.11.1rc1

v1.11.1rc2

v1.11.2rc0

v1.12.0

v1.12.1

v1.12.2

v1.12.2rc0

v1.13.0

v1.13.1

v1.13.2

v1.13.3rc0

v1.13.3rc1

v1.14.0

v1.14.0rc0

v1.14.1

v1.14.2

v1.14.2rc0

v1.14.3

v1.14.3rc0

v1.14.4

v1.14.4rc0

v1.14.4rc1

v1.14.5rc0

v1.15.0

v1.15.1

v1.16.0

v1.16.1

v1.16.2

v1.16.2rc0

v1.16.3

v1.16.3rc0

v1.16.4

v1.16.5

v1.17.0

v1.17.1

v1.18.0

v1.2.0

v1.2.0rc0

v1.2.0rc1

v1.2.0rc2

v1.2.1

v1.2.1rc0

v1.3.0

v1.3.1

v1.3.1rc0

v1.3.2

v1.3.2rc0

v1.3.2rc2

v1.3.2rc3

v1.3.3rc0

v1.3.3rc1

v1.4.0

v1.4.1rc0

v1.4.2rc0

v1.4.2rc1

v1.5.0

v1.6

v1.6.1

v1.6.2

v1.6.3

v1.6.3rc0

v1.6.3rc1

v1.6.3rc2

v1.6.4

v1.6.5rc0

v1.6.5rc1

v1.7.0

v1.7.0rc0

v1.7.0rc1

v1.7.1

v1.7.1rc0

v1.7.1rc1

v1.7.1rc2

v1.7.2

v1.7.2rc0

v1.7.2rc1

v1.7.2rc2

v1.7.3rc0

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4rc0

v1.8.4rc1

v1.8.4rc2

v1.9.0

v1.9.1

v1.9.2

v1.9.2rc0

v1.9.2rc1

v1.9.3

v2.*

v2.0.0

v2.0.1