Advisory Database
  • Advisories
  • Dependency Scanning
  1. pypi
  2. ›
  3. clearml
  4. ›
  5. CVE-2025-8917

CVE-2025-8917: clearml is vulnerable to Path Traversal through its `safe_extract` function

October 5, 2025 (updated October 7, 2025)

A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safe_extract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

References

  • github.com/advisories/GHSA-579p-qf78-fqm2
  • github.com/clearml/clearml
  • github.com/clearml/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73
  • huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576
  • nvd.nist.gov/vuln/detail/CVE-2025-8917

Code Behaviors & Features

Detect and mitigate CVE-2025-8917 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 2.0.2

Fixed versions

  • 2.0.2

Solution

Upgrade to version 2.0.2 or above.

Impact 5.8 MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Learn more about CVSS

Weakness

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Source file

pypi/clearml/CVE-2025-8917.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 23 Oct 2025 12:20:24 +0000.