CVE-2025-64485: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in cvat-ai cvat
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the user will be able to create files in the share directory of the import worker container, potentially filling up disk space. This issue is fixed in version 2.49.0.
AI Analysis
Technical Summary
CVE-2025-64485 is a path traversal weakness (CWE-22) in CVAT, an open source interactive video and image annotation tool for computer vision. It affects versions 2.4.0 through 2.48.1. An authenticated user holding at least the User global role can supply a file path that the import code joins onto its share directory without confining the result, so traversal sequences escape the directory the write was meant to stay in. Where a file share is mounted into CVAT, the user can create files in the root of that share or overwrite files already there, which puts at risk any data that other tasks or external systems read from the share. Where no share is mounted, the writes land in the share directory inside the import worker container, and an attacker can use them to fill the container's disk and degrade or stop import jobs. No user interaction is needed and no privilege beyond the ordinary User role, so any registered account can attempt it; in multi-tenant deployments that is a low bar. The description covers file creation and overwriting only, not reading, so confidentiality is not in scope. The advisory was published on November 7, 2025 with a CVSS 4.0 base score of 5.3 (medium), reflecting a network attack vector, low attack complexity, no user interaction, and limited impact on integrity and availability. No exploitation in the wild has been reported. Version 2.49.0 fixes the issue by restricting the resulting pathname to the authorized directory.
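The pattern the summary describes, shown in Python as an added illustration that is not CVAT's code: a client-controlled file name joined onto the share directory with no containment check, beside a hardened version. The function names, the `uploads` subdirectory and the probe file names are hypothetical; the temporary share root is constructed by the demo itself.

```python
"""CWE-22 as described for CVE-2025-64485: a client-controlled file name is
joined onto the share directory without confining the result. Added
illustration, not CVAT's code; names and directory layout are hypothetical."""
import os
import tempfile
from pathlib import Path


def unsafe_target(share_root: str, client_name: str) -> str:
    """Vulnerable pattern: os.path.join keeps '..' segments, and drops the
    base entirely when client_name is absolute. normpath then hands back a
    path that may sit in the share root or anywhere else on the host."""
    return os.path.normpath(os.path.join(share_root, "uploads", client_name))


def safe_target(share_root: str, client_name: str) -> Path:
    """Hardened version: refuse absolute names, resolve both paths (this
    also follows symlinks, so a planted link cannot redirect the write),
    and require the result to be strictly inside the upload directory."""
    if os.path.isabs(client_name):
        raise ValueError(f"absolute path rejected: {client_name!r}")
    base = Path(share_root, "uploads").resolve()
    candidate = (base / client_name).resolve()
    if candidate == base:
        raise ValueError("empty or '.' name rejected")
    try:
        candidate.relative_to(base)  # raises ValueError when outside base
    except ValueError:
        raise ValueError(f"escapes upload directory: {client_name!r}") from None
    return candidate


def demo() -> dict:
    """Run both versions against a constructed share root in a temp dir.
    Returns {probe: (unsafe_version_escaped, safe_version_rejected)}."""
    probes = [
        "frames.zip",            # ordinary upload
        "task1/frames.zip",      # subdirectory, still inside uploads
        "../overwrite_me.txt",   # lands in the share root: the CVE's case
        "../../etc/passwd",      # climbs further up the host filesystem
        "/tmp/abs.txt",          # absolute name, join discards the base
    ]
    results = {}
    with tempfile.TemporaryDirectory() as share_root:
        uploads = os.path.join(share_root, "uploads")
        os.mkdir(uploads)
        for probe in probes:
            target = unsafe_target(share_root, probe)
            escaped = os.path.commonpath([target, uploads]) != uploads
            try:
                safe_target(share_root, probe)
                rejected = False
            except ValueError:
                rejected = True
            results[probe] = (escaped, rejected)
    return results


if __name__ == "__main__":
    for probe, (escaped, rejected) in demo().items():
        print(f"{probe!r:24} unsafe escapes={escaped!s:5} safe rejects={rejected}")
```

The check that matters is the one after `resolve()`: comparing the string prefix before resolving would still let `uploads_backup/x` or a symlink inside `uploads` slip through, whereas `relative_to` on the resolved path rejects both.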
Potential Impact
For European organizations running CVAT, the risk is to the integrity and availability of annotation data and of the infrastructure around it, not to confidentiality: the flaw lets a low-privilege account write, not read. On a mounted share, an attacker can overwrite dataset archives, annotation exports or other files that downstream systems pick up from the share root, so a model may be trained on tampered data without anyone noticing, and files placed there may be imported or executed by other tooling that trusts the share. Without a share, the exposure is denial of service: filling the import worker's disk stalls imports and can take the worker down. Organizations annotating sensitive or regulated material (automotive, healthcare, defense) may additionally face compliance consequences. CVAT is widely deployed in research groups, AI startups and enterprises across Europe, often with self-registered or externally sourced annotators, and it is exactly those multi-tenant deployments where "any account with the User role" is a low bar. The medium severity reflects the limited scope of the write, not any difficulty in exploitation.
Mitigation Recommendations
1. Upgrade every CVAT deployment to version 2.49.0 or later. This is the only fix; the remaining items reduce exposure until it is applied.
2. Bear in mind that User is the ordinary role of a registered CVAT account, so "trusted users only" has to be enforced where accounts are created: disable open self-registration if your deployment permits it, and review existing accounts and their roles.
3. If your workflows only read from the mounted share, mount it read-only into the CVAT containers (check first that no import or export step needs to write there); otherwise restrict what the containers may write at the filesystem level. Monitor the share root for newly created or modified files, since that is exactly where this flaw writes.
4. Bound the disk available to the import worker container (a separate filesystem or volume with a size limit for its share directory) and alert on high utilization, so that the no-share case degrades gracefully instead of taking the worker down.
5. Keep a baseline of the share contents and audit it, together with CVAT and container logs, for unexpected file creation or overwriting.
6. Segment the network around CVAT instances so that a compromised worker container cannot reach more than it needs.
7. Enforce strong authentication and session management to limit account compromise, and tell users what their privileges allow.
8. Use runtime security tooling that can detect or block anomalous file system operations inside the CVAT containers.
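An added example for recommendations 3 and 5, not part of CVAT or of the original advisory: take a baseline of the mounted share, rescan, and report what appeared or changed, flagging entries directly in the share root because that is where this flaw writes. The share layout and file names are constructed for the demonstration; the demo reproduces the two effects the advisory describes (a new root-level file and an overwritten one) in a temporary directory.

```python
"""Baseline-and-diff audit of a mounted share for CVE-2025-64485 style
writes. Added example, not CVAT tooling; the share layout and file names
are constructed for the demonstration."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map every file under root (path relative to root) to a fingerprint.
    Symlinks are recorded by target and not followed, so a link planted in
    the share cannot make the scan read files elsewhere on the host."""
    root_p = Path(root)
    out = {}
    for dirpath, _dirs, files in os.walk(root_p):
        for name in files:
            p = Path(dirpath, name)
            rel = str(p.relative_to(root_p))
            if p.is_symlink():
                out[rel] = ("symlink", os.readlink(p))
                continue
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            out[rel] = ("file", digest)
    return out


def diff(baseline: dict, current: dict) -> dict:
    """Classify changes between two snapshots and single out root-level
    entries (no path separator), the location this vulnerability targets."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    root_level = sorted(k for k in added + modified if os.sep not in k)
    return {"added": added, "removed": removed,
            "modified": modified, "root_level": root_level}


def demo() -> dict:
    """Build a constructed share, baseline it, reproduce the two effects the
    advisory describes (new file in the share root, existing file
    overwritten) and return the resulting report."""
    with tempfile.TemporaryDirectory() as share:
        Path(share, "datasets").mkdir()
        Path(share, "datasets", "train.zip").write_bytes(b"zip-bytes")
        Path(share, "README.txt").write_text("curated share, do not edit\n")
        baseline = snapshot(share)

        # Simulated post-exploitation state.
        Path(share, "dropped.txt").write_text("written via traversal\n")
        Path(share, "README.txt").write_text("overwritten\n")

        return diff(baseline, snapshot(share))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:10} {paths}")
```

In practice the baseline is stored as JSON and the scan runs from cron on a host that mounts the share independently of the CVAT containers, so that a compromised worker cannot tamper with the audit; a non-empty `root_level` list is the condition worth alerting on.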
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-05T19:12:25.102Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 690e812b0e7acb8066fb4462
Added to database: 11/7/2025, 11:30:51 PM
Last enriched: 11/7/2025, 11:45:28 PM
Last updated: 11/8/2025, 3:06:11 AM