{"data":{"id":"efd43ed7-c8a7-497d-83ee-31f0b49dbd00","title":"CVE-2025-67818: An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craf","summary":"Weaviate OSS (an open-source vector database) before version 1.33.4 has a path traversal vulnerability (a bug where crafted paths such as ../../.. reach files outside the intended directory) that allows attackers with database write access to escape the backup restore location and create or overwrite files elsewhere on the system. This could let attackers modify critical files, limited to what the application's own permissions allow.","solution":"Upgrade Weaviate OSS to version 1.33.4 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-67818","publishedAt":"2025-12-12T22:15:45.583Z","cveId":"CVE-2025-67818","cweIds":["CWE-22"],"cvssScore":"7.2","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Weaviate"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00318,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.88,"researchCategory":null,"atlasIds":null}}