CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Zenml: >> Zenml >> 0.83.1 Security Vulnerabilities

CVE-2025-8406

ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.

CVSS Score

6.3

EPSS Score

0.0

Published

2025-10-05

Page 1

Vulnerabilities

Vulnerable Software

Zenml: >> Zenml >> 0.83.1 Security Vulnerabilities

Products

Pricing

Contact Us