Path Traversal Vulnerability in Geyang ML-Logger
CVE-2025-10951

6.9 MEDIUM

Key Information:

Vendor: Geyang

Status
Vendor
CVE Published: 25 September 2025

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2025-10951?

A vulnerability exists in Geyang ML-Logger prior to version acf255bade5be6ad88d90735c8367b28cbe3a743, in the log_handler function of ml_logger/server.py. Manipulating the argument File allows path traversal. The flaw can be exploited remotely, and the publicly available exploit increases the potential for malicious activity. The product follows a rolling release model, which complicates tracking of specific affected and updated versions.
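
The containment check that prevents this class of flaw in a file-serving handler, as an added example; it is not ML-Logger's code and not taken from the advisory. The function name, the log root and the sample keys are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a client-supplied key resolves outside the log root."""


def resolve_under_root(root, client_key):
    """Map a client-supplied file key to a path that must stay inside root.

    `root` and `client_key` are hypothetical names, not ML-Logger's own.
    """
    if "\x00" in client_key:
        raise PathEscapeError("NUL byte in key")
    root_real = Path(root).resolve(strict=True)
    # Treat backslashes as separators and drop leading ones: joining an
    # absolute key onto the root would otherwise discard the root entirely.
    relative = client_key.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." and follows symlinks, so the comparison is
    # made on the location the OS would really open.
    candidate = (root_real / relative).resolve(strict=False)
    # Compare path components, not string prefixes: a startswith() test
    # would accept a sibling directory such as "<root>-evil".
    if candidate != root_real and root_real not in candidate.parents:
        raise PathEscapeError(f"{client_key!r} escapes {root_real}")
    return candidate


def demo():
    """Run constructed sample keys against a throwaway log root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "logs"
        (root / "run-1").mkdir(parents=True)
        # Symlink inside the root pointing outside it (constructed case).
        os.symlink(tmp, root / "out")
        for key in ["run-1/metrics.pkl", "/run-1/metrics.pkl",
                    "../secret.txt", "run-1/../../secret.txt",
                    "..\\secret.txt", "out/secret.txt", "../logs-evil/x"]:
            try:
                resolve_under_root(root, key)
                results[key] = "allowed"
            except PathEscapeError:
                results[key] = "rejected"
    return results
```

Calling demo() returns a verdict per key; only the two keys that stay under the root are allowed.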

Affected Version(s)

ml-logger acf255bade5be6ad88d90735c8367b28cbe3a743

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

0x1f (VulDB User)