AI Threat Alert

CVE-2025-8917

GHSA-579p-qf78-fqm2 MEDIUM
Published October 5, 2025

A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
clearml pip < 2.0.2 2.0.2

Do you use clearml? You're affected.

Severity & Risk

CVSS 3.1
5.8 / 10
EPSS
0.0%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update clearml to version 2.0.2

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

Weaknesses (CWE)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Primary

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

References

Timeline

Published
October 5, 2025
Last Modified
October 7, 2025
First Seen
March 24, 2026
Back to Threat Feed