CVE-2025-67818: An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craf
Summary
Weaviate OSS (an open-source vector database) before version 1.33.4 has a path traversal vulnerability (a bug where an attacker can reach files outside the intended directory using path components like ../../..). An attacker with database write access can escape the backup restore location and create or overwrite files elsewhere on the system. This could let the attacker modify critical files within the application's permissions.
Solution / Mitigation
Upgrade Weaviate OSS to version 1.33.4 or later.
Vulnerability Details
7.2 (high)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-67818
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 88%