VYPR
Medium severity5.8OSV Advisory· Published Oct 5, 2025· Updated Apr 15, 2026

CVE-2025-8917

CVE-2025-8917

Description

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safe_extract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
clearmlPyPI
< 2.0.22.0.2

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.