Directory Traversal Vulnerability in Weaviate OSS by Weaviate
CVE-2025-67818

7.2 HIGH

Key Information:

Vendor

Weaviate

CVE Published:
12 December 2025

What is CVE-2025-67818?

Weaviate OSS before version 1.33.4 is vulnerable to directory traversal during backup restoration. An attacker with data insert access can inject an entry name that contains an absolute path or parent directory traversal (e.g., ../../..), so that the restored entry escapes the application's restore root. This allows unauthorized creation or overwriting of files anywhere the application's own permissions reach, putting system integrity and data security at risk.
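The class of check that keeps a restored entry inside its restore root, as an added example (not Weaviate's code or its actual fix). The helper `resolveEntry`, the root `/var/lib/restore` and the sample entry names are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when an entry name would resolve outside the restore root.
var ErrEscapesRoot = errors.New("entry name escapes restore root")

// resolveEntry (hypothetical helper) maps an untrusted backup entry name to a
// path under root, rejecting absolute paths and parent-directory traversal.
func resolveEntry(root, name string) (string, error) {
	// Treat backslashes as separators so "..\\..\\x" is handled like "../../x".
	clean := strings.ReplaceAll(name, "\\", "/")
	if clean == "" || strings.HasPrefix(clean, "/") || filepath.IsAbs(name) {
		return "", ErrEscapesRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the path, collapsing any "a/../.." sequences lexically.
	target := filepath.Join(absRoot, filepath.FromSlash(clean))
	// The cleaned target must be strictly below the root, not the root or above it.
	rel, err := filepath.Rel(absRoot, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return target, nil
}

func main() {
	// Constructed entry names, not taken from any real backup.
	names := []string{"class/shard1/data.db", "a/../b", "../../../tmp/x", "/tmp/x", "a/../../b"}
	for _, n := range names {
		p, err := resolveEntry("/var/lib/restore", n)
		fmt.Printf("%-24q -> %q err=%v\n", n, p, err)
	}
}
```

The check is lexical only; a restore routine would also need to refuse to write through symlinks that already exist under the root.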

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
