CVE-2025-64485
📋 TL;DR
A path traversal vulnerability in CVAT allows authenticated users with at least the User role to create or overwrite files in the root of mounted file shares. If no file share is mounted, they can instead fill disk space in the import worker container. This affects all CVAT deployments running vulnerable versions.
💻 Affected Systems
- CVAT (Computer Vision Annotation Tool)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A malicious user could overwrite critical system files, execute arbitrary code via file manipulation, or cause denial of service by filling disk space.
Likely Case
Unauthorized file creation leading to disk exhaustion, data corruption, or privilege escalation through file manipulation.
If Mitigated
Limited to authenticated users only, with impact contained to file share or container storage.
🎯 Exploit Status
Exploitation requires authenticated access with User role or higher.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.49.0
Vendor Advisory: https://github.com/cvat-ai/cvat/security/advisories/GHSA-x396-w86c-gf6w
Restart Required: Yes
Instructions:
1. Back up your CVAT data and configuration.
2. Update CVAT to version 2.49.0 or later.
3. Restart all CVAT services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict User Role Permissions
Temporarily reduce permissions for User role accounts until patching is complete.
# Review and modify user role permissions in CVAT admin interface
Implement File Share Quotas
Set disk quotas on mounted file shares to limit potential disk exhaustion.
# For Linux (setquota takes block and inode soft/hard limits; replace the <...> placeholders with your values):
# sudo setquota -u <username> <block-soft> <block-hard> <inode-soft> <inode-hard> /mount/point
# For Windows: Configure via Disk Management quotas
🧯 If You Can't Patch
- Implement strict access controls and monitor User role activities
- Isolate CVAT deployment and implement network segmentation
🔍 How to Verify
Check if Vulnerable:
Check the CVAT version via the web interface or API. If the version is between 2.4.0 and 2.48.1 inclusive, the system is vulnerable.
Check Version:
docker exec cvat_core python manage.py --version
Verify Fix Applied:
Confirm the CVAT version is 2.49.0 or later, and test that a User role account cannot create files in root file share locations.
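As an added illustration, not CVAT's own code: a resolve-then-contain check of the kind that closes this class of traversal on a mounted share, exercised against a constructed temporary share layout covering `..` segments, absolute paths, an escaping symlink and `/share` vs `/share_other` prefix confusion. The function and exception names are assumptions.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the share root."""


def resolve_under_share(share_root, requested: str) -> Path:
    """Return the symlink-resolved absolute path for `requested` only if it
    stays inside `share_root`; otherwise raise PathTraversalError.
    (Hypothetical helper, not CVAT's code.) Containment is decided with
    relative_to() on resolved paths, so '..' segments, symlinks pointing
    outside the share and string-prefix lookalikes are all caught."""
    root = Path(share_root).resolve()
    if os.path.isabs(requested):
        raise PathTraversalError(f"absolute path not allowed: {requested!r}")
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathTraversalError(
            f"{requested!r} resolves to {candidate} outside {root}") from None
    return candidate


def is_safe(share_root, requested: str) -> bool:
    """Boolean wrapper around resolve_under_share for quick checks."""
    try:
        resolve_under_share(share_root, requested)
        return True
    except PathTraversalError:
        return False


def demo() -> dict:
    """Exercise the check against a constructed temporary share layout."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "share"
        (root / "datasets").mkdir(parents=True)
        # Constructed symlink inside the share that points outside it.
        (root / "escape").symlink_to(Path(tmp))
        return {
            "normal": is_safe(root, "datasets/annotations.zip"),
            "dotdot": is_safe(root, "../outside.zip"),
            "nested_dotdot": is_safe(root, "datasets/../../outside.zip"),
            "absolute": is_safe(root, "/anywhere/outside.zip"),
            "symlink_escape": is_safe(root, "escape/outside.zip"),
            "prefix_confusion": is_safe(root, "../share_other/x.zip"),
        }
```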
📡 Detection & Monitoring
Log Indicators:
- Unusual file creation patterns in /share directory
- Multiple failed file operations from User role accounts
- Disk space alerts on CVAT containers
Network Indicators:
- Increased API calls to file upload endpoints from User accounts
SIEM Query:
source="cvat" AND ("file creation" OR "disk full") AND user_role="User"