CVE-2025-8917
📋 TL;DR
A path traversal vulnerability in allegroai/clearml v2.0.1 allows attackers to write arbitrary files outside intended directories via improper handling of symbolic and hard links in the safe_extract function. This can lead to remote code execution if critical system files are overwritten. Users of allegroai/clearml version v2.0.1 are affected.
💻 Affected Systems
- allegroai/clearml
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full system compromise through overwriting critical system files or configuration files.
Likely Case
Arbitrary file writes leading to data corruption, privilege escalation, or denial of service.
If Mitigated
Limited to file writes within restricted directories if proper file system permissions and containerization are implemented.
🎯 Exploit Status
Exploitation requires ability to upload files to clearml and knowledge of the vulnerable function usage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.0.2 or later
Vendor Advisory: https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73
Restart Required: Yes
Instructions:
1. Update clearml to version v2.0.2 or later using pip: pip install --upgrade clearml>=2.0.2
2. Restart all clearml services and applications using the library.
🔧 Temporary Workarounds
Disable file upload processing
allTemporarily disable clearml's file upload and extraction functionality until patched.
Configure clearml to reject all file uploads or disable archive processing features
Implement file system restrictions
linuxRun clearml in a container or chroot jail with restricted file system access.
docker run --read-only -v /safe/path:/data clearml
chroot /jail/path clearml
🧯 If You Can't Patch
- Implement strict file upload validation to reject archives containing symbolic or hard links.
- Run clearml with minimal file system permissions and in isolated environments.
🔍 How to Verify
Check if Vulnerable:
Check clearml version: python -c "import clearml; print(clearml.__version__)" - if output is '2.0.1', system is vulnerable.Check Version:
python -c "import clearml; print(clearml.__version__)"Verify Fix Applied:
After update, verify version is 2.0.2 or later: python -c "import clearml; print(clearml.__version__)"📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations outside expected directories
- Failed file extraction attempts with path traversal patterns
Network Indicators:
- Large or unusual file uploads to clearml endpoints
SIEM Query:
source="clearml" AND (event="file_write" AND path NOT CONTAINS "/expected/path/") OR (event="extract_failed" AND error="path_traversal")