CVE-2025-8406 – ZenML version 0.83.1 contains a path traversal ... (How to Fix)

Q: What is the severity of CVE-2025-8406?

CVE-2025-8406 has a CVSS score of 7.8 (HIGH). ZenML version 0.83.1 contains a path traversal vulnerability in the PathMaterializer class that allows attackers to write arbitrary files during data.tar.gz extraction. This occurs because the is_path_within_directory validation fails to properly detect symbolic and hard links. Users running ZenML 0.83.1 with data.tar.gz extraction capabilities are affected.

📋 TL;DR

ZenML version 0.83.1 contains a path traversal vulnerability in the PathMaterializer class that allows attackers to write arbitrary files during data.tar.gz extraction. This occurs because the is_path_within_directory validation fails to properly detect symbolic and hard links. Users running ZenML 0.83.1 with data.tar.gz extraction capabilities are affected.

💻 Affected Systems

Products:

ZenML

Versions: 0.83.1

Operating Systems: All platforms supporting symbolic/hard links

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is present in default configuration when using PathMaterializer with data.tar.gz extraction.

📦 What is this software?

Zenml by Zenml

View all CVEs affecting Zenml →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary command execution through overwriting critical system files or configuration files, potentially leading to full system compromise.

🟠

Likely Case

Arbitrary file writes to sensitive locations, data corruption, or denial of service through file system manipulation.

🟢

If Mitigated

Limited to file writes within the extraction directory if proper sandboxing and link validation are implemented.

🌐 Internet-Facing: MEDIUM - Requires data.tar.gz upload/extraction functionality to be exposed, which may not be common in internet-facing deployments.

🏢 Internal Only: HIGH - Internal users with access to data.tar.gz extraction could exploit this to escalate privileges or compromise the system.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires ability to provide malicious data.tar.gz files for extraction. Public proof-of-concept exists in the huntr.com bounty reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 5d22a48d7bf6c7f10b748577c2be79cc7969d398 and later versions

Vendor Advisory: https://github.com/zenml-io/zenml/commit/5d22a48d7bf6c7f10b748577c2be79cc7969d398

Restart Required: No

Instructions:

1. Update ZenML to version after commit 5d22a48d7bf6c7f10b748577c2be79cc7969d398. 2. Verify the PathMaterializer class includes proper link validation. 3. Test data.tar.gz extraction functionality.

🔧 Temporary Workarounds

Disable data.tar.gz extraction

all

Temporarily disable or restrict data.tar.gz extraction functionality in PathMaterializer.

Implement file system sandboxing

linux

Run ZenML in a container or chroot environment with restricted file system access.

docker run --read-only -v /safe/path:/data zenml

🧯 If You Can't Patch

Implement strict input validation for all data.tar.gz files before extraction
Deploy ZenML in isolated environments with minimal file system permissions

🔍 How to Verify

Check if Vulnerable:

Check if running ZenML version 0.83.1 and examine PathMaterializer source code for the vulnerable is_path_within_directory implementation.

Check Version:

pip show zenml | grep Version

Verify Fix Applied:

Verify ZenML version is updated beyond commit 5d22a48d7bf6c7f10b748577c2be79cc7969d398 and test data.tar.gz extraction with malicious links.

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations outside expected extraction directories
Multiple failed extraction attempts with data.tar.gz files

Network Indicators:

Large or unusual data.tar.gz uploads to ZenML endpoints

SIEM Query:

source="zenml" AND ("data.tar.gz" OR "PathMaterializer") AND ("write" OR "extract")

📊 Metadata

CVE ID: CVE-2025-8406

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-22

EPSS Score: 0.08% exploit probability (22.5th percentile)

Published: October 5, 2025

Last Updated: October 30, 2025

🔗 References

https://github.com/zenml-io/zenml/commit/5d22a48d7bf6c7f10b748577c2be79cc7969d398 Patch
https://huntr.com/bounties/a0880d64-9928-45bf-9663-2cd81582d9e7 Exploit,Third Party Advisory
https://huntr.com/bounties/a0880d64-9928-45bf-9663-2cd81582d9e7 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8406, you might also want to check these: