CVE-2025-67818

7.2 HIGH

📋 TL;DR

This vulnerability allows attackers with database write access to craft malicious entry names containing absolute paths or directory traversal sequences. When a backup is restored, these entries can escape the intended restore directory and create/overwrite arbitrary files within the application's privilege scope. Organizations running vulnerable Weaviate OSS versions are affected.
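The escape described above can be closed by confining every backup entry name to the restore directory before any file is written. The following Go routine is an added example, not Weaviate's own code; `SafeRestorePath` and `CheckEntries` are assumed names, and the entry names in `main` are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRestoreDir is returned for any entry that would land outside restoreDir.
var ErrEscapesRestoreDir = errors.New("backup entry escapes restore directory")

// SafeRestorePath resolves entryName against restoreDir and rejects names that are
// absolute or that traverse out of restoreDir via ".." sequences.
// Illustrative check only, not Weaviate's implementation.
func SafeRestorePath(restoreDir, entryName string) (string, error) {
	if entryName == "" || filepath.IsAbs(entryName) || strings.HasPrefix(entryName, "/") {
		return "", ErrEscapesRestoreDir
	}
	// Reject Windows-style drive roots too, so the check is not platform dependent.
	if len(entryName) >= 2 && entryName[1] == ':' {
		return "", ErrEscapesRestoreDir
	}
	base := filepath.Clean(restoreDir)
	target := filepath.Join(base, entryName) // Join cleans, so "a/../../x" collapses
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRestoreDir
	}
	return target, nil
}

// CheckEntries partitions backup entry names into safe resolved paths and rejected names.
func CheckEntries(restoreDir string, names []string) (safe []string, rejected []string) {
	for _, n := range names {
		if p, err := SafeRestorePath(restoreDir, n); err == nil {
			safe = append(safe, p)
		} else {
			rejected = append(rejected, n)
		}
	}
	return safe, rejected
}

func main() {
	// Constructed entry names: two legitimate, two that try to leave the restore directory.
	names := []string{"Article/shard1/data.db", "a/../b", "../../outside/file", "/outside/file"}
	safe, rejected := CheckEntries("/var/lib/weaviate/restore", names)
	fmt.Println("safe:", safe, "rejected:", rejected)
}
```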

💻 Affected Systems

Products:
  • Weaviate OSS
Versions: All versions before 1.33.4
Operating Systems: All platforms running Weaviate
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have insert/update permissions in the database and ability to trigger or influence backup restoration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary file write leading to remote code execution, data destruction, or privilege escalation.

🟠 Likely Case

Data corruption, service disruption, or sensitive file exposure through crafted backup restoration.

🟢 If Mitigated

Limited impact if proper access controls restrict database write permissions and backup restoration is monitored.

🌐 Internet-Facing: MEDIUM - Requires attacker to have database write access, which may be exposed via API endpoints.
🏢 Internal Only: HIGH - Internal attackers with legitimate database access can exploit this during backup operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple path manipulation once database access is obtained.

Exploitation requires two conditions: (1) database write access and (2) a backup restoration operation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.33.4 and later

Vendor Advisory: https://weaviate.io/blog/weaviate-security-release-november-2025

Restart Required: Yes

Instructions:

1. Stop the Weaviate service.
2. Update to version 1.33.4 or later.
3. Restart the Weaviate service.
4. Verify the version with 'weaviate --version'.

🔧 Temporary Workarounds

Restrict Database Write Access

all

Limit insert/update permissions to trusted users only.

Configure Weaviate authentication and authorization to restrict write operations.

Monitor Backup Operations

all

Implement strict controls and monitoring for backup restoration processes.

Audit backup restoration logs for unusual file paths.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can insert data into the database
  • Monitor and audit all backup restoration operations for suspicious file paths

🔍 How to Verify

Check if Vulnerable:

Check the Weaviate version: if it is lower than 1.33.4, the system is vulnerable.

Check Version:

weaviate --version

Verify Fix Applied:

Confirm the version is 1.33.4 or higher and confirm that a backup restore rejects entries whose names contain absolute paths or '..' sequences.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file paths in backup restoration logs
  • Database entries containing absolute paths or '..' sequences

Network Indicators:

  • Unusual backup restoration requests
  • Excessive database write operations from single source

SIEM Query:

source="weaviate" AND ("backup restore" OR "restoration") AND (".." OR "/etc/" OR "/root/")

🔗 References
