CVE-2025-49135

6.5 MEDIUM

📋 TL;DR

This vulnerability in CVAT lets any authenticated account holding the ordinary 'user' role read files that other users have uploaded for project or task backup import: the import step relies on filename validation alone to pick the uploaded file, so knowing (or guessing) another user's backup filename is enough to have the server read that file on the attacker's behalf. It affects CVAT versions 2.2.0 through 2.39.0 and exposes the annotation data those backups contain.

💻 Affected Systems

Products:
  • CVAT (Computer Vision Annotation Tool)
Versions: 2.2.0 through 2.39.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects project and task backup imports, not annotation or dataset TUS uploads. Requires the attacker to hold a valid CVAT account with the 'user' role and to know the filename of another user's uploaded backup.
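To make the flaw described above concrete, the following added example (not CVAT's code; a hypothetical in-memory model of a shared server-side upload area) shows the vulnerable shape, where the import path validates only that the supplied name is a bare filename, next to two hardened forms: an ownership check, and a server-issued handle that removes the filename as a lookup key altogether. The names `UploadArea`, `import_backup_vulnerable`, `import_backup_fixed` and `import_backup_by_handle` are assumptions made for the illustration.

```python
import os
import secrets
from dataclasses import dataclass


@dataclass
class Upload:
    owner: str   # account that completed the upload
    data: bytes


def validate_basename(filename):
    """Reject empty, dot and path-bearing names (traversal defence).

    This is the ONLY check the vulnerable path below performs; it says nothing
    about who uploaded the file.  The backslash test matters on POSIX, where
    os.path.basename() does not treat '\\' as a separator.
    """
    if not filename or filename in (".", "..") or "\\" in filename:
        raise ValueError("invalid filename")
    if os.path.basename(filename) != filename:
        raise ValueError("invalid filename")


class UploadArea:
    """Hypothetical model of one temporary upload directory shared by all users.

    `files` is keyed by the client-chosen filename, which is the root of the
    problem: two users who pick the same name collide, and anyone who knows a
    name can ask for it.  `scoped` is the hardened layout, keyed by
    (owner, server-issued handle).
    """

    def __init__(self):
        self.files = {}
        self.scoped = {}

    def upload(self, user, filename, data):
        validate_basename(filename)
        self.files[filename] = Upload(user, data)
        handle = secrets.token_urlsafe(16)      # unguessable, chosen by the server
        self.scoped[(user, handle)] = Upload(user, data)
        return handle


def import_backup_vulnerable(area, requester, filename):
    """Vulnerable: name is validated, ownership is never compared."""
    validate_basename(filename)
    rec = area.files.get(filename)
    if rec is None:
        raise FileNotFoundError(filename)
    return rec.data            # `requester` is unused: any user gets any file


def import_backup_fixed(area, requester, filename):
    """Hardened: the requester must be the uploader.

    "Missing" and "not yours" raise the same error so the endpoint cannot be
    used as an oracle for which filenames other users have uploaded.
    """
    validate_basename(filename)
    rec = area.files.get(filename)
    if rec is None or rec.owner != requester:
        raise PermissionError("no such upload for this user")
    return rec.data


def import_backup_by_handle(area, requester, handle):
    """Stronger: look up by (requester, handle); filenames are never identifiers."""
    rec = area.scoped.get((requester, handle))
    if rec is None:
        raise PermissionError("no such upload for this user")
    return rec.data


if __name__ == "__main__":
    area = UploadArea()
    h = area.upload("alice", "backup.zip", b"alice-data")
    print(import_backup_vulnerable(area, "bob", "backup.zip"))   # bob reads alice's file
    try:
        import_backup_fixed(area, "bob", "backup.zip")
    except PermissionError as e:
        print("fixed:", e)
    print(import_backup_by_handle(area, "alice", h))
```

The ownership check closes the hole the advisory describes; the handle variant additionally removes the precondition "knowledge of other users' filenames", since the client never supplies a name the server resolves.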

📦 What is this software?

CVAT (Computer Vision Annotation Tool) is an open-source web application for labelling images and video to produce training data for computer vision models. Users upload media, annotate it in the browser, and can export projects and tasks as backup archives that other CVAT instances, or the same one, re-import.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete data exfiltration where attackers systematically steal all user-uploaded files containing sensitive video/image annotations, potentially exposing proprietary training data or personally identifiable information.

🟠 Likely Case

Targeted data theft where attackers with insider knowledge access specific users' annotation files, compromising project confidentiality and intellectual property.

🟢 If Mitigated

Limited impact where accounts are restricted to trusted users and backup import activity is monitored, so unauthorized access attempts are detected and blocked before significant data loss occurs.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of target filenames. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.40.0 or later

Vendor Advisory: https://github.com/cvat-ai/cvat/security/advisories/GHSA-frpr-5w6q-hh4f

Restart Required: Yes

Instructions:

1. Back up your CVAT data and configuration.
2. Stop all CVAT services.
3. Update CVAT to version 2.40.0 or later using your deployment method (Docker, Kubernetes, or source).
4. Restart CVAT services.
5. Verify the update was successful.

🧯 If You Can't Patch

  • Limit who holds a CVAT account: exploitation needs only the ordinary 'user' role, so every account on the instance is a potential reader of every other user's backup uploads until you patch.
  • Monitor project/task backup import operations closely and review any account that imports filenames it did not upload.
  • Do not rely on OS-level file permissions or per-user upload directories as a mitigation: the CVAT server process reads every upload on behalf of whichever account requests the import, so filesystem permissions cannot tell the requester apart from the uploader.

🔍 How to Verify

Check if Vulnerable:

Check the CVAT version via the About dialog in the web interface, the /api/server/about endpoint, or your deployment configuration (image tag or checked-out release). Versions 2.2.0 through 2.39.0 are vulnerable.

Check Version:

# Ask the server for its version (the endpoint may require a logged-in session or API token;
# replace <user>, <password> and <cvat-host> with your own values)
curl -s -u <user>:<password> https://<cvat-host>/api/server/about | jq -r .version

# Note: `python manage.py --version` inside the cvat_server container prints the Django
# version, not the CVAT version, so it cannot be used for this check.

Verify Fix Applied:

Confirm CVAT version is 2.40.0 or later and test that project/task backup imports now validate file ownership properly.
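The version comparison above is easy to get wrong by hand (2.9.0 sorts after 2.39.0 as a string). The following added example, not part of the advisory or of CVAT, parses the JSON that /api/server/about returns and decides whether the reported version falls in the affected range; the `fetch_about` helper and the token header format (DRF token auth, `Authorization: Token ...`) are assumptions, and `SAMPLE_ABOUT` is a constructed response so the check runs offline.

```python
import json
import re
import urllib.request

# Affected range from the advisory: 2.2.0 inclusive up to, but not including, 2.40.0.
FIRST_AFFECTED = (2, 2, 0)
FIRST_FIXED = (2, 40, 0)

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '2.39.0' (or 'v2.39.0', or '2.40.0-rc1') into a comparable int tuple.

    Any pre-release suffix is ignored, so a 2.40.0 release candidate compares as
    2.40.0; treat such builds with care and confirm the fix manually.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when the version is inside [FIRST_AFFECTED, FIRST_FIXED)."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def check_about_payload(payload):
    """Evaluate the JSON body of GET /api/server/about."""
    version = payload["version"]
    return {"version": version, "vulnerable": is_vulnerable(version)}


def fetch_about(base_url, token=None, timeout=10):
    """Retrieve /api/server/about over the network (assumed endpoint shape).

    `token` is an optional CVAT API token sent as 'Authorization: Token <key>'.
    Not exercised by the offline sample below.
    """
    req = urllib.request.Request(base_url.rstrip("/") + "/api/server/about")
    if token:
        req.add_header("Authorization", f"Token {token}")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample in the shape the endpoint returns; not captured from a real server.
SAMPLE_ABOUT = {
    "name": "Computer Vision Annotation Tool",
    "description": "constructed sample",
    "version": "2.39.0",
}


if __name__ == "__main__":
    print(check_about_payload(SAMPLE_ABOUT))   # {'version': '2.39.0', 'vulnerable': True}
```

Pass the real response from `fetch_about("https://<cvat-host>", token=...)` to `check_about_payload` once the instance is reachable; the tuple comparison is what makes 2.9.0 correctly read as older than 2.39.0.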

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed backup import attempts from one account cycling through different filenames (filename guessing)
  • Backup import operations that reference a filename uploaded by a different account
  • Unusual import patterns from a single user account, especially one that rarely imports backups

Network Indicators:

  • Unusual volume of POST requests to the backup import endpoints (/api/projects/backup and /api/tasks/backup)
  • Requests whose filename parameter names another user's upload or contains path separators

SIEM Query:

source="cvat" AND ("import" OR "backup") AND ("unauthorized" OR "permission denied" OR "access violation")
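The log indicators above can be checked mechanically. This added example (not part of the advisory; the log format is a constructed, simplified `key=value` layout, so adapt `LINE_RE` to whatever your reverse proxy or CVAT's own request logging actually emits) parses sample lines and applies two rules: a backup filename referenced by more than one account, and a burst of backup import requests from one account inside a sliding window. The endpoint paths come from the indicators above; the query parameter name `filename` and the request layout in `SAMPLE_LOG` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (not real traffic).  alice imports her own backup; bob then
# references alice's filename and hammers the import endpoints guessing other names.
SAMPLE_LOG = """\
2025-06-10T12:00:01Z user=alice method=POST path=/api/projects/backup status=202
2025-06-10T12:00:04Z user=alice method=POST path=/api/projects/backup?filename=alice_project.zip status=202
2025-06-10T12:00:05Z user=carol method=GET path=/api/tasks?page=1 status=200
2025-06-10T12:03:10Z user=bob method=POST path=/api/projects/backup?filename=alice_project.zip status=202
2025-06-10T12:03:15Z user=bob method=POST path=/api/tasks/backup?filename=carol_task.zip status=404
2025-06-10T12:03:20Z user=bob method=POST path=/api/tasks/backup?filename=task_1.zip status=404
2025-06-10T12:03:25Z user=bob method=POST path=/api/tasks/backup?filename=task_2.zip status=404
2025-06-10T12:03:30Z user=bob method=POST path=/api/projects/backup?filename=project_7.zip status=404
2025-06-10T12:03:35Z user=bob method=POST path=/api/projects/backup?filename=export.zip status=202
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>[A-Z]+) "
    r"path=(?P<path>\S+) status=(?P<status>\d+)$"
)

BACKUP_IMPORT_PATHS = {"/api/projects/backup", "/api/tasks/backup"}


def parse_log(text):
    """Parse lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = urlsplit(m["path"])
        filename = parse_qs(parts.query).get("filename", [None])[0]
        events.append({
            "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "user": m["user"],
            "method": m["method"],
            "path": parts.path,
            "status": int(m["status"]),
            "filename": filename,
        })
    return events


def is_backup_import(ev):
    return ev["method"] == "POST" and ev["path"] in BACKUP_IMPORT_PATHS


def detect(events, burst_threshold=5, window=timedelta(minutes=10)):
    """Return alerts for cross-user filename reuse and per-account import bursts."""
    alerts = []
    imports = sorted((e for e in events if is_backup_import(e)), key=lambda e: e["ts"])

    # Rule 1: one backup filename referenced by more than one account.  With the
    # vulnerable behaviour this is exactly what a successful cross-user read looks like.
    users_by_filename = defaultdict(set)
    for ev in imports:
        if ev["filename"]:
            users_by_filename[ev["filename"]].add(ev["user"])
    for fn, users in sorted(users_by_filename.items()):
        if len(users) > 1:
            alerts.append({"rule": "shared_filename", "filename": fn, "users": sorted(users)})

    # Rule 2: burst of import requests (any status) from one account inside `window`,
    # computed with a two-pointer sliding window over the sorted timestamps.
    stamps_by_user = defaultdict(list)
    for ev in imports:
        stamps_by_user[ev["user"]].append(ev["ts"])
    for user, stamps in sorted(stamps_by_user.items()):
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= burst_threshold:
            alerts.append({"rule": "import_burst", "user": user, "count": peak})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Rule 1 is the higher-signal one: a filename legitimately belongs to one uploader, so two accounts referencing it is worth an immediate look, whereas Rule 2 needs a threshold tuned to how often your users actually import backups. Failed (404) attempts are deliberately counted in Rule 2, since guessing filenames produces mostly failures.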

🔗 References

  • Vendor advisory (GHSA-frpr-5w6q-hh4f): https://github.com/cvat-ai/cvat/security/advisories/GHSA-frpr-5w6q-hh4f