CVE-2025-8917: clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows path traversal because the `safe_extract` function does not properly handle symbolic and hard links contained in an archive. A link entry can point outside the intended extraction directory, so extracting a crafted archive can write arbitrary files outside that directory, potentially resulting in remote code execution if critical files are overwritten.
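The check that the advisory describes as missing is, in practice, a containment test on every archive member: the member's own path, the target of any symlink, and the target of any hard link must all resolve inside the destination directory. The following is an added illustration written for this page, not ClearML's code; the helper names (`member_problem`, `checked_extract`, `build_tar`) and the sample archives are constructed for the example. It validates all members lexically before touching the disk, then re-checks the resolved path at extraction time so a symlink already present in the destination cannot redirect a write.

```python
import io
import os
import tarfile
from typing import Optional

# Added example, not ClearML code. A hardened tar extraction helper that refuses
# members whose path, symlink target or hard-link target would land outside the
# destination directory. All function names here are hypothetical.


def _lexically_inside(dest: str, rel: str) -> bool:
    """Containment check without touching the filesystem: join `rel` to `dest`,
    normalise away '..' segments, and test that the result is still under dest."""
    dest_n = os.path.normpath(dest)
    full = os.path.normpath(os.path.join(dest_n, rel))
    return full == dest_n or full.startswith(dest_n + os.sep)


def member_problem(dest: str, m: tarfile.TarInfo) -> Optional[str]:
    """Why `m` must not be extracted into `dest`, or None if it is acceptable."""
    if os.path.isabs(m.name) or not _lexically_inside(dest, m.name):
        return f"path escapes destination: {m.name!r}"
    if m.issym():
        # A symlink target is resolved relative to the directory holding the link.
        if os.path.isabs(m.linkname):
            return f"absolute symlink target: {m.name!r} -> {m.linkname!r}"
        target = os.path.join(os.path.dirname(m.name), m.linkname)
        if not _lexically_inside(dest, target):
            return f"symlink escapes destination: {m.name!r} -> {m.linkname!r}"
    elif m.islnk():
        # A hard-link target is a path relative to the archive root.
        if os.path.isabs(m.linkname) or not _lexically_inside(dest, m.linkname):
            return f"hard link escapes destination: {m.name!r} -> {m.linkname!r}"
    elif not (m.isfile() or m.isdir()):
        return f"unsupported member type: {m.name!r}"  # devices, FIFOs, ...
    return None


def find_unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """All (name, reason) pairs for members that must not be extracted."""
    out = []
    for m in tar.getmembers():
        reason = member_problem(dest, m)
        if reason:
            out.append((m.name, reason))
    return out


def checked_extract(tar: tarfile.TarFile, dest: str) -> list:
    """Validate every member first, then extract one by one, re-checking the
    on-disk resolved path so a symlink already present in `dest` cannot redirect
    a write. Returns the names that were extracted."""
    bad = find_unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract: {bad}")
    base = os.path.realpath(dest)
    done = []
    for m in tar.getmembers():
        final = os.path.realpath(os.path.join(dest, m.name))
        if final != base and not final.startswith(base + os.sep):
            raise ValueError(f"resolved path escapes destination: {m.name!r}")
        tar.extract(m, dest)
        done.append(m.name)
    return done


def build_tar(entries) -> tarfile.TarFile:
    """Constructed in-memory archive for the example. `entries` is a list of
    (name, kind, payload) with kind in {'file', 'dir', 'sym', 'lnk'}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        for name, kind, payload in entries:
            ti = tarfile.TarInfo(name)
            if kind == "file":
                data = payload.encode()
                ti.size = len(data)
                tw.addfile(ti, io.BytesIO(data))
                continue
            if kind == "dir":
                ti.type = tarfile.DIRTYPE
                ti.mode = 0o755  # directory must stay traversable after chmod
            elif kind == "sym":
                ti.type = tarfile.SYMTYPE
                ti.linkname = payload
            elif kind == "lnk":
                ti.type = tarfile.LNKTYPE
                ti.linkname = payload
            tw.addfile(ti)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    # Constructed sample: one benign file plus a traversal path, an escaping
    # symlink, an in-tree symlink and an escaping hard link.
    sample = build_tar([
        ("ok.txt", "file", "hi"),
        ("../evil.txt", "file", "x"),
        ("link", "sym", "../../etc/passwd"),
        ("inner", "sym", "ok.txt"),
        ("hl", "lnk", "../outside"),
    ])
    for name, why in find_unsafe_members(sample, "/srv/out"):
        print(f"REJECT {name}: {why}")
```

On Python 3.12 and later the standard library offers the same containment rules through `tarfile.extractall(..., filter="data")`; the explicit checks above are useful where older interpreters must be supported or where the rejection reasons need to be logged.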