Home > Vulnerability Database > CVE-2025-8917

Mend.io Vulnerability Database

CVE-2025-8917

Good to know:

Date: October 5, 2025

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the "safe_extract" function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

Severity Score

5.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8917

Url: https://github.com/clearml/clearml

Url: https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73

Url: https://github.com/clearml/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73

Url: https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576

Url: https://www.mend.io/vulnerability-database/CVE-2025-8917

Severity Score

5.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version clearml - 2.0.2;clearml - 2.0.2;https://github.com/clearml/clearml.git - v2.0.2

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8917

Good to know:

Date: October 5, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?