CVE-2025-51480: Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrit
Summary
CVE-2025-51480 is a path traversal vulnerability (a flaw where attackers use special sequences like '../' to access files outside intended directories) in ONNX 1.17.0's save_external_data function that allows attackers to overwrite arbitrary files by supplying malicious file paths. The vulnerability bypasses the intended directory restrictions that should prevent this kind of file manipulation.
Solution / Mitigation
Patches are available through pull requests #6959 and #7040 on the ONNX GitHub repository (https://github.com/onnx/onnx/pull/6959 and https://github.com/onnx/onnx/pull/7040).
Vulnerability Details
8.8(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-51480
First tracked: February 15, 2026 at 08:44 PM
Classified by LLM (prompt v3) · confidence: 85%