VYPR
Moderate severity · NVD Advisory · Published Jul 22, 2025 · Updated Jul 22, 2025

CVE-2025-51481

Description

Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local File Inclusion (LFI) in Dagster's gRPC server allows attackers to read arbitrary files via path traversal in ExternalNotebookData requests.

Vulnerability

Details

CVE-2025-51481 is a Local File Inclusion (LFI) vulnerability in Dagster's gRPC server, specifically in the dagster._grpc.impl.get_notebook_data function. The issue arises because the function only validates that the notebook_path ends with .ipynb and then passes it through os.path.abspath(), which normalizes directory traversal sequences but does not reject them. This allows an attacker to supply paths like ../../etc/passwd.ipynb that satisfy the extension check yet resolve to arbitrary files outside the intended directory [1][3].

Exploitation

An attacker with network access to the Dagster gRPC server can exploit this by crafting an ExternalNotebookData request with traversal sequences in the notebook_path field. By default, the gRPC server binds to localhost, limiting remote exploitation, but in deployments where the server is exposed externally (e.g., custom cloud setups), the attack surface increases. Proof-of-concept scripts demonstrate how to trigger the vulnerability using grpc calls [3][4].

Impact

Successful exploitation allows an attacker to read any file on the server to which the Dagster process has access, potentially disclosing sensitive configuration data, credentials, or proprietary code. The vulnerability does not require authentication and can be executed with minimal effort [1][3].

Mitigation

The vulnerability has been addressed in a fix merged via pull request #30002 on the Dagster GitHub repository [4]. Users are advised to update Dagster to a version containing the patch. As a workaround, ensure the gRPC server is not exposed to untrusted networks and restrict access to trusted clients only.
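Added example, not Dagster's code and not the patch itself: it models the extension-only check described under Details next to a containment check of the kind the fix introduces, using realpath() rather than abspath() so that symlinked escapes are caught as well as `..` traversal. The base directory, the sample inputs and the function names are constructed for this demonstration.

```python
import os
import tempfile

NOTEBOOK_SUFFIX = ".ipynb"


def extension_only_path(notebook_path: str) -> str:
    """Pre-fix style check: suffix test plus os.path.abspath(). abspath()
    collapses '..' segments but never refuses them, so any file is reachable."""
    if not notebook_path.endswith(NOTEBOOK_SUFFIX):
        raise ValueError("notebook path must end with '.ipynb'")
    return os.path.abspath(notebook_path)


def contained_notebook_path(notebook_path: str, base_dir: str) -> str:
    """Hardened check: the resolved path must stay inside base_dir. realpath()
    also follows symlinks, so a link inside base_dir pointing out is rejected."""
    if not notebook_path.endswith(NOTEBOOK_SUFFIX):
        raise ValueError("notebook path must end with '.ipynb'")
    base = os.path.realpath(base_dir)
    # join() discards base when notebook_path is absolute; that is fine,
    # because the containment test below is what decides, not the join.
    requested = os.path.realpath(os.path.join(base, notebook_path))
    try:
        inside = os.path.commonpath([requested, base]) == base
    except ValueError:  # e.g. different drives on Windows: never inside
        inside = False
    if not inside:
        raise PermissionError(f"access denied: {notebook_path!r} resolves outside {base!r}")
    return requested


def verdict(check, *args) -> str:
    """'allowed' if the check returns a path, 'rejected' if it raises."""
    try:
        check(*args)
        return "allowed"
    except (ValueError, PermissionError):
        return "rejected"


def run_demo() -> dict:
    """Constructed inputs vs. a throwaway base dir: {input: (extension-only, containment)}."""
    inputs = ["analysis.ipynb", "../../etc/passwd.ipynb", "notes.txt"]
    with tempfile.TemporaryDirectory() as base:
        try:  # symlink inside base that escapes to the filesystem root
            os.symlink(os.path.abspath(os.sep), os.path.join(base, "escape"))
            inputs.append("escape/etc/passwd.ipynb")
        except OSError:
            pass  # symlinks unavailable on this host; that case is skipped
        return {p: (verdict(extension_only_path, p),
                    verdict(contained_notebook_path, p, base)) for p in inputs}
```

The traversal and symlink inputs pass the extension-only check and fail the containment check; the plain relative notebook passes both and the non-notebook file fails both.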

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
dagster (PyPI)   < 1.10.16           1.10.16

Patches (1)

Commit 3a3cec2b5157

Fixed local file inclusion vulnerability in gRPC server's `ExternalNotebookData` endpoint (#30002)

https://github.com/dagster-io/dagster · Gecko Security · May 19, 2025 · via ghsa
1 file changed · +10 −1
  • python_modules/dagster/dagster/_grpc/impl.py (+10 −1, modified)
    @@ -577,6 +577,15 @@ def get_notebook_data(notebook_path):
                 " '.ipynb'."
             )
     
    -    with open(os.path.abspath(notebook_path), "rb") as f:
    +    requested_path = os.path.abspath(notebook_path)
    +    working_dir = os.path.abspath(os.getcwd())
    +
    +    common_prefix = os.path.commonpath([requested_path, working_dir])
    +    if common_prefix != working_dir:
    +        raise Exception(
    +            "Access denied. Notebook path must be within the current working directory."
    +        )
    +
    +    with open(requested_path, "rb") as f:
             content = f.read()
             return content
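Review bot: both sides of the containment check are built with os.path.abspath, which collapses `..` but does not resolve symlinks, so a symlink under the working directory that points elsewhere still satisfies `common_prefix != working_dir` and opens a file outside it; os.path.realpath on both `requested_path` and `working_dir` would close that gap. Two smaller points: os.path.commonpath raises ValueError when the two paths are on different Windows drives, which would surface as an unhandled error instead of the intended "Access denied" message, so that case deserves a catch; and anchoring the boundary to os.getcwd() means the set of readable notebooks moves with the process's working directory, which is worth a comment or a test pinning the expected working directory of the gRPC server.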
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
