{"id":"CVE-2025-67818","details":"An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.","aliases":["GHSA-7v39-2hx7-7c43","GO-2025-4237"],"modified":"2026-03-23T05:08:37.038054997Z","published":"2025-12-12T17:15:45.583Z","related":["SUSE-SU-2026:0037-1"],"references":[{"type":"ADVISORY","url":"https://weaviate.io/blog/weaviate-security-release-november-2025"},{"type":"PACKAGE","url":"https://github.com/weaviate/weaviate"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weaviate/weaviate","events":[{"introduced":"0"},{"fixed":"eb64dda7ca02ec06165a50be063646ac86986c4d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.33.4"}]}}],"versions":["v1.25.29","v1.25.30","v1.25.31","v1.25.32","v1.25.33","v1.25.34","v1.26.14","v1.26.15","v1.26.17","v1.26.18","v1.27.10","v1.27.11","v1.27.12","v1.27.13","v1.27.14","v1.27.15","v1.27.16","v1.27.17","v1.27.18","v1.27.19","v1.27.20","v1.27.21","v1.27.22","v1.27.23","v1.27.24","v1.27.25","v1.27.26","v1.27.27","v1.28.10","v1.28.11","v1.28.12","v1.28.13","v1.28.14","v1.28.15","v1.28.16","v1.28.3","v1.28.4","v1.28.5","v1.28.6","v1.28.7","v1.28.8","v1.28.9","v1.29.0","v1.29.0-rc.0","v1.29.0-rc.1","v1.29.0-rc.2","v1.29.1","v1.29.10","v1.29.11","v1.29.2","v1.29.3","v1.29.4","v1.29.5","v1.29.6","v1.29.7","v1.29.8","v1.29.9","v1.30.0","v1.30.0-rc.0","v1.30.1","v1.30.10","v1.30.11","v1.30.12","v1.30.13","v1.30.14","v1.30.15","v1.30.16","v1.30.17","v1.30.18","v1.30.19","v1.30.2","v1.30.3","v1.30.4","v1.30.5","v1.30.6","v1.30.7","v1.30.8","v1.30.9","v1.31.0","v1.31.0-rc.0","v1.31.0-rc.1","v1.31.1","v1.31.10","v1.31.11","v1.31.12","v1.31.13","v1.31.14","v1.31.15","v1.31.16","v1.31.17","v1.31.18","v1.31.2","v1.31.3","v1.31.4","v1.31.5","v1.31.6","v1.31.7","v1.31.8","v1.31.9","v1.32.0","v1.32.0-rc.0","v1.32.0-rc.1","v1.32.1","v1.32.10","v1.32.11","v1.32.12","v1.32.13","v1.32.14","v1.32.15","v1.32.16","v1.32.2","v1.32.3","v1.32.4","v1.32.5","v1.32.6","v1.32.7","v1.32.8","v1.32.9","v1.33.0","v1.33.0-rc.0","v1.33.0-rc.1","v1.33.1","v1.33.2","v1.33.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67818.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}