CVE-2025-68430
MEDIUM
5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of contained files and subdirectories. The contents of files are not accessible. Version 2.53.0 contains a patch. No known workarounds are available.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0005
Percentile
0,1th
Updated
EPSS Score Trend (Last 86 Days)
24
Path Traversal: '../filedir'
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Applicable Platforms
All platforms may be affected
Application
Computer Vision Annotation Tool by Cvat
Version Range Affected
From
2.8.1
(inclusive)
To
2.53.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/cvat-ai/cvat/commit/2c24ef0c3f8fd94f6c71cff4eafcf11bfcaa5f91
https://github.com/cvat-ai/cvat/security/advisories/GHSA-3g7v-xjh7-xmqx