CVE-2025-49135: CWE-639: Authorization Bypass Through User-Controlled Key in cvat-ai cvat
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the same user. As a result, if an attacker with a CVAT account and a `user` role knows the filenames of other users' uploads, they could potentially access and steal data by creating projects or tasks using those files. This issue does not affect annotation or dataset TUS uploads, since in this case object-specific temporary directories are used. Users should upgrade to CVAT 2.40.0 or a later version to receive a patch. No known workarounds are available.
AI Analysis
Technical Summary
CVE-2025-49135 is an authorization bypass vulnerability affecting the open-source computer vision annotation tool CVAT, specifically versions 2.2.0 through 2.39.0. CVAT allows users to annotate images and videos for machine learning model training. The vulnerability arises from insufficient validation during the import process of project or task backups. When a user imports a project or task backup, the filename is specified via a query parameter. However, CVAT does not verify that the filename corresponds to a TUS-uploaded file owned by the requesting user. TUS is a protocol used for resumable file uploads. This lack of validation means that an authenticated user with a standard 'user' role who knows or can guess filenames of other users' uploaded files can create projects or tasks referencing those files, thereby gaining unauthorized access to potentially sensitive data belonging to other users. Notably, this vulnerability does not affect annotation or dataset TUS uploads because those use object-specific temporary directories, which isolate user data. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key). The CVSS v4.0 base score is 5.3 (medium severity), reflecting a network attack vector, low attack complexity, no privileges required beyond a user role, and no user interaction needed. The impact is primarily on confidentiality, as unauthorized data access is possible. There are no known exploits in the wild, and no workarounds are currently available. The vendor has released CVAT version 2.40.0 or later to address this issue by implementing proper validation of file ownership during import. Organizations using vulnerable CVAT versions should prioritize upgrading to mitigate risk.
Potential Impact
For European organizations, especially those involved in AI, computer vision research, and data annotation, this vulnerability poses a significant risk to data confidentiality. Unauthorized access to uploaded files could lead to exposure of proprietary datasets, personally identifiable information (PII), or sensitive project data. This could result in intellectual property theft, regulatory non-compliance (e.g., GDPR violations), and reputational damage. Since CVAT is used in sectors such as automotive, healthcare, and manufacturing across Europe, unauthorized data disclosure could impact competitive advantage and client trust. The vulnerability requires only authenticated user access, which means insider threats or compromised user accounts could be leveraged to exploit this flaw. The lack of user interaction and low attack complexity increases the likelihood of exploitation once an attacker has valid credentials. Although availability and integrity are not directly impacted, the confidentiality breach alone is critical given the sensitivity of annotated datasets. The absence of known exploits suggests limited current exploitation but does not preclude future attacks, especially as awareness grows.
Mitigation Recommendations
1. Immediate upgrade to CVAT version 2.40.0 or later, which includes the patch validating file ownership during import. 2. Implement strict access controls and monitoring on CVAT user accounts to detect unusual import activities or access patterns, including logging and alerting on project/task imports referencing files outside a user's ownership. 3. Enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce risk of account compromise. 4. Conduct regular audits of uploaded files and project backups to identify any unauthorized access or anomalies. 5. Limit the distribution of file name information and consider obfuscating or randomizing file identifiers to reduce the risk of attackers guessing valid filenames. 6. Where possible, segregate sensitive datasets and restrict CVAT user roles to minimize exposure. 7. Educate users on the importance of safeguarding their credentials and recognizing suspicious activity within CVAT. 8. If upgrading immediately is not feasible, consider network segmentation or firewall rules to restrict access to the CVAT instance to trusted users only, reducing the attack surface.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Belgium, Poland
CVE-2025-49135: CWE-639: Authorization Bypass Through User-Controlled Key in cvat-ai cvat
Description
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the same user. As a result, if an attacker with a CVAT account and a `user` role knows the filenames of other users' uploads, they could potentially access and steal data by creating projects or tasks using those files. This issue does not affect annotation or dataset TUS uploads, since in this case object-specific temporary directories are used. Users should upgrade to CVAT 2.40.0 or a later version to receive a patch. No known workarounds are available.
AI-Powered Analysis
Technical Analysis
CVE-2025-49135 is an authorization bypass vulnerability affecting the open-source computer vision annotation tool CVAT, specifically versions 2.2.0 through 2.39.0. CVAT allows users to annotate images and videos for machine learning model training. The vulnerability arises from insufficient validation during the import process of project or task backups. When a user imports a project or task backup, the filename is specified via a query parameter. However, CVAT does not verify that the filename corresponds to a TUS-uploaded file owned by the requesting user. TUS is a protocol used for resumable file uploads. This lack of validation means that an authenticated user with a standard 'user' role who knows or can guess filenames of other users' uploaded files can create projects or tasks referencing those files, thereby gaining unauthorized access to potentially sensitive data belonging to other users. Notably, this vulnerability does not affect annotation or dataset TUS uploads because those use object-specific temporary directories, which isolate user data. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key). The CVSS v4.0 base score is 5.3 (medium severity), reflecting a network attack vector, low attack complexity, no privileges required beyond a user role, and no user interaction needed. The impact is primarily on confidentiality, as unauthorized data access is possible. There are no known exploits in the wild, and no workarounds are currently available. The vendor has released CVAT version 2.40.0 or later to address this issue by implementing proper validation of file ownership during import. Organizations using vulnerable CVAT versions should prioritize upgrading to mitigate risk.
Potential Impact
For European organizations, especially those involved in AI, computer vision research, and data annotation, this vulnerability poses a significant risk to data confidentiality. Unauthorized access to uploaded files could lead to exposure of proprietary datasets, personally identifiable information (PII), or sensitive project data. This could result in intellectual property theft, regulatory non-compliance (e.g., GDPR violations), and reputational damage. Since CVAT is used in sectors such as automotive, healthcare, and manufacturing across Europe, unauthorized data disclosure could impact competitive advantage and client trust. The vulnerability requires only authenticated user access, which means insider threats or compromised user accounts could be leveraged to exploit this flaw. The lack of user interaction and low attack complexity increases the likelihood of exploitation once an attacker has valid credentials. Although availability and integrity are not directly impacted, the confidentiality breach alone is critical given the sensitivity of annotated datasets. The absence of known exploits suggests limited current exploitation but does not preclude future attacks, especially as awareness grows.
Mitigation Recommendations
1. Immediate upgrade to CVAT version 2.40.0 or later, which includes the patch validating file ownership during import. 2. Implement strict access controls and monitoring on CVAT user accounts to detect unusual import activities or access patterns, including logging and alerting on project/task imports referencing files outside a user's ownership. 3. Enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce risk of account compromise. 4. Conduct regular audits of uploaded files and project backups to identify any unauthorized access or anomalies. 5. Limit the distribution of file name information and consider obfuscating or randomizing file identifiers to reduce the risk of attackers guessing valid filenames. 6. Where possible, segregate sensitive datasets and restrict CVAT user roles to minimize exposure. 7. Educate users on the importance of safeguarding their credentials and recognizing suspicious activity within CVAT. 8. If upgrading immediately is not feasible, consider network segmentation or firewall rules to restrict access to the CVAT instance to trusted users only, reducing the attack surface.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-06-02T10:39:41.633Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 685c1277a1cfc9c6487d9af9
Added to database: 6/25/2025, 3:15:03 PM
Last enriched: 6/25/2025, 3:30:15 PM
Last updated: 8/14/2025, 6:41:30 PM
Views: 18
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.