CVE-2022-25882: Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tenso
Summary
ONNX (a machine learning model format library) versions before 1.13.0 contain a directory traversal vulnerability (a security flaw where an attacker can access files outside the intended folder by using paths like '../../../etc/passwd'). An attacker could exploit the external_data field of the tensor proto (a data structure in ONNX models) to read sensitive files from anywhere on a system.
Solution / Mitigation
Update to ONNX version 1.13.0 or later.
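As a defense-in-depth check alongside the upgrade, the `location` value stored in each external_data entry can be validated against the model's directory before an untrusted model is loaded. The following is an added example, not code from ONNX or from the original advisory; the function names are hypothetical, the sample values are constructed, and it goes slightly beyond the '../' case in the summary by also rejecting absolute paths and symlinks that leave the directory.

```python
import os

def resolve_external_location(model_dir, location):
    """Resolve an external_data 'location' value; raise ValueError if it leaves model_dir."""
    if not location or "\x00" in location:
        raise ValueError("empty or malformed location")
    if os.path.isabs(location):
        raise ValueError("absolute path not allowed: %r" % location)
    base = os.path.realpath(model_dir)
    # realpath collapses '..' segments and follows symlinks, so a link inside
    # the model directory that points elsewhere is caught as well.
    target = os.path.realpath(os.path.join(base, location))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("location escapes model directory: %r" % location)
    return target

def audit_locations(model_dir, locations):
    """Return (accepted, rejected): resolved paths, and (location, reason) pairs."""
    accepted, rejected = [], []
    for loc in locations:
        try:
            accepted.append(resolve_external_location(model_dir, loc))
        except ValueError as exc:
            rejected.append((loc, str(exc)))
    return accepted, rejected

if __name__ == "__main__":
    import tempfile
    # Constructed sample values, not taken from a real model file.
    sample = ["weights.bin", "sub/layer0.bin", "../../../etc/passwd", "/etc/passwd"]
    with tempfile.TemporaryDirectory() as model_dir:
        accepted, rejected = audit_locations(model_dir, sample)
        for path in accepted:
            print("ok      ", path)
        for loc, reason in rejected:
            print("rejected", loc, "->", reason)
```

The `location` strings would come from the external_data entries of each tensor in the model being inspected; any rejected entry is a reason not to load the file.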
Vulnerability Details
7.5 (high)
EPSS: 3.5%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-25882
First tracked: February 15, 2026 at 08:44 PM