CVE-2025-64485: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in cvat-ai cvat
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the user will be able to create files in the share directory of the import worker container, potentially filling up disk space. This issue is fixed in version 2.49.0.
AI Analysis
Technical Summary
CVE-2025-64485 is a path traversal vulnerability (CWE-22) in CVAT (Computer Vision Annotation Tool), an open source tool for interactive video and image annotation, affecting versions 2.4.0 through 2.48.1. The application does not adequately constrain a user-supplied pathname to the directory intended for it, so an authenticated user holding the User global role, a standard rather than an administrative role, can create files outside that directory or overwrite files that already exist. When a file share is mounted, the writes land in the root of the share, where the attacker can overwrite files that other tasks or users import, or plant arbitrary files. When no share is mounted, the writes land in the share directory inside the import worker container, which lets the attacker exhaust the container's disk and deny service to imports. Exploitation needs only a valid User-role account and no interaction from anyone else, so any authenticated user can attempt it. The CVSS v4.0 base score is 5.3 (medium), corresponding to a network attack vector, low attack complexity, low privileges (the User role) and no user interaction; the medium rating is consistent with an impact confined to the integrity and availability of the share and worker storage rather than to confidentiality. The advisory was published on November 7, 2025, and the fix shipped in CVAT 2.49.0. No public exploit has been reported, but path traversal of this kind is simple to reproduce once the affected request is known, and the impact is largest in deployments where the mounted share is also read by other systems or holds the authoritative copy of datasets.
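The pattern behind this class of bug, as an added example that is not CVAT's code and does not claim to reproduce the exact request the advisory fixes: resolve_share_path_unsafe() shows how a user-controlled path escapes a per-user import directory under a share root, and resolve_share_path_safe() is the hardened form. The function names, directory layout and sample inputs are invented for the example; demo() builds the share tree in a temporary directory.

```python
"""Added example (not CVAT's code): the CWE-22 pattern behind this class of bug.

resolve_share_path_unsafe() shows how a user-controlled path escapes a
per-user import directory; resolve_share_path_safe() is the hardened
version. Names, the directory layout and the sample inputs are invented for
the example; demo() builds the share tree in a temporary directory.
"""
import os
import shutil
import tempfile


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would leave the allowed directory."""


def resolve_share_path_unsafe(share_root: str, user_dir: str, user_path: str) -> str:
    # Vulnerable pattern. os.path.join drops every earlier component when a
    # later one is absolute, and '..' segments are passed through untouched,
    # so '../x' lands in the share root and '/etc/passwd' leaves it entirely.
    return os.path.join(share_root, user_dir, user_path)


def resolve_share_path_safe(share_root: str, user_dir: str, user_path: str) -> str:
    # Hardened pattern: refuse absolute input up front, collapse '..' and
    # symlinks with realpath, then require the result to sit inside the
    # user's directory. commonpath is used instead of str.startswith so that
    # 'user-42' is not fooled by a sibling such as 'user-420'.
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path rejected: {user_path!r}")
    base = os.path.realpath(os.path.join(share_root, user_dir))
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes {base!r}: {user_path!r}")
    return candidate


def demo() -> dict:
    """Exercise both resolvers on constructed inputs and report what happened."""
    share_root = tempfile.mkdtemp(prefix="cvat-share-")
    try:
        user_dir = "user-42"
        os.makedirs(os.path.join(share_root, user_dir))
        shared_file = os.path.join(share_root, "dataset.manifest")
        with open(shared_file, "w") as fh:
            fh.write("original\n")

        results = {}
        # Unsafe join: the traversal resolves to the shared file in the root,
        # and an absolute path discards share_root and user_dir altogether.
        unsafe = resolve_share_path_unsafe(share_root, user_dir, "../dataset.manifest")
        results["unsafe_reaches_share_root"] = (
            os.path.realpath(unsafe) == os.path.realpath(shared_file))
        results["unsafe_absolute_escapes"] = (
            resolve_share_path_unsafe(share_root, user_dir, "/etc/passwd") == "/etc/passwd")

        # Safe join: only the in-directory path is allowed.
        for candidate in ("../dataset.manifest", "/etc/passwd",
                          "../user-420/x.json", "ok/annotations.json"):
            try:
                resolve_share_path_safe(share_root, user_dir, candidate)
                results[candidate] = "allowed"
            except PathTraversalError:
                results[candidate] = "blocked"
        return results
    finally:
        shutil.rmtree(share_root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check that matters is the commonpath comparison after realpath: a plain prefix test on the unresolved string passes '../user-420/x.json' when the prefix is 'user-42', and normalising without resolving symlinks misses a link inside the user's directory that points back at the share root.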
Potential Impact
For European organizations running CVAT 2.4.0 through 2.48.1, the risk is unauthorized file creation and overwriting, that is, loss of integrity and availability rather than confidentiality. An account with the User role can overwrite files in the root of the mounted share, including datasets or manifests that other tasks and users import, or plant files there for other systems that read the same share to pick up; either can silently corrupt training data or disrupt annotation workflows. When no share is mounted, the same primitive lets the attacker fill the import worker container's disk and deny imports to everyone on the instance. This can delay computer vision projects in sectors such as automotive, healthcare and manufacturing that use CVAT to produce AI training data. The vulnerability does not directly expose data, but an overwritten file on a shared mount can be a stepping stone in a longer attack chain against whatever consumes that share. Because CVAT deployments are collaborative, insider misuse and compromised annotator accounts are the realistic threat actors, and multi-tenant deployments or deployments whose share is used by several teams carry the largest cross-user impact.
Mitigation Recommendations
European organizations should upgrade CVAT to version 2.49.0 or later; that is the only complete fix. Until the upgrade is possible, reduce the population of accounts that can reach the vulnerable code path: the User global role is a standard rather than an administrative role, so review which accounts hold it, who can register new accounts and which role new accounts receive, and remove or downgrade accounts that are no longer needed. Where the annotation workflow only reads datasets from the mounted share, mount it read-only in the import worker so that traversal cannot create or overwrite anything; confirm first that no export or upload path in your deployment writes to the share, or that functionality will break. Apply restrictive ownership and permissions on the share so that files other systems depend on are not writable by the account the worker runs as. Monitor the share root for unexpected file creation and existing files for unexpected modification, for example by keeping a hash manifest of the share and diffing it on a schedule, and alert on rapid disk growth in the import worker container, which is the symptom when no share is mounted; container runtime security tooling or a per-container disk quota both help here. Feed CVAT's server and audit logs into a central SIEM so that import requests from a single account can be correlated with file system changes on the share. Isolate CVAT instances per project or team where practical to limit the blast radius of a compromised account, and enforce strong authentication and session management on the CVAT front end to reduce the likelihood of account compromise in the first place.
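The manifest-based monitoring suggested above, as an added example that is not part of CVAT or of this advisory: build_manifest() records a SHA-256 digest for every file under the share root, and diff_manifest() reports what was created, modified or removed since the baseline, listing creations directly in the share root separately because that is where the advisory says a User-role account can write. The share layout, file names and the attacker activity in demo() are constructed for the example in a temporary directory.

```python
"""Added example (not CVAT's code): baseline-and-diff integrity check for a share.

Records a SHA-256 digest for every file under a share root, then reports what
was created, modified or removed since the baseline. Creations directly in the
share root are listed separately because that is where this advisory says a
User-role account can write. The share tree used by demo() is constructed in
a temporary directory; paths and file names are invented for the example.
"""
import hashlib
import os
import shutil
import tempfile


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file path (relative to root, '/' separated) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = _sha256(full)
    return manifest


def diff_manifest(baseline: dict, current: dict) -> dict:
    """Classify changes between two manifests.

    'root_created' is the subset of created files whose parent is the share
    root itself. If the deployment's convention is that datasets live in
    subdirectories, anything appearing here deserves a look.
    """
    created = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {
        "created": created,
        "removed": removed,
        "modified": modified,
        "root_created": [p for p in created if "/" not in p],
    }


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Build a small share, baseline it, then simulate the advisory's two effects."""
    root = tempfile.mkdtemp(prefix="cvat-share-")
    try:
        _write(root, "datasets/cars/labels.txt", b"car\ntruck\n")
        _write(root, "datasets/cars/img001.jpg", b"\xff\xd8\xff\xe0")
        baseline = build_manifest(root)

        # Constructed attacker activity: a file dropped in the share root and
        # an existing label file overwritten, plus one legitimate new upload
        # so the report shows how the two are told apart.
        _write(root, "payload.bin", b"\x00" * 64)
        _write(root, "datasets/cars/labels.txt", b"car\ntruck\nbus\n")
        _write(root, "datasets/cars/extra.json", b"{}")

        return diff_manifest(baseline, build_manifest(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production the baseline would be written to storage the worker cannot reach, since a manifest kept on the share itself is one more file the attacker can overwrite, and the diff would run from a scheduler or be triggered by an inotify event on the share root; the disk-growth symptom for the no-share case needs a separate check on the container's filesystem usage.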
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-05T19:12:25.102Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 690e812b0e7acb8066fb4462
Added to database: 11/7/2025, 11:30:51 PM
Last enriched: 11/15/2025, 12:22:12 AM
Last updated: 12/21/2025, 9:42:25 PM