
CVE-2025-67818: n/a

High
Vulnerability, CVE-2025-67818, cve, cve-2025-67818
Published: Fri Dec 12 2025 (12/12/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.

AI-Powered Analysis

Last updated: 12/12/2025, 16:42:46 UTC

Technical Analysis

CVE-2025-67818 is a directory traversal vulnerability affecting Weaviate OSS versions before 1.33.4. The flaw arises from insufficient validation of entry names during the restoration of backups. Specifically, an attacker who can insert data into the Weaviate database can craft backup entries with absolute paths (e.g., /etc/passwd) or use parent directory traversal sequences (../../..) to escape the designated restore root directory. When the backup is restored, these crafted entries can cause files to be created or overwritten in arbitrary locations on the file system, constrained only by the privileges of the Weaviate application process. This can lead to unauthorized modification or creation of files, potentially compromising system integrity or confidentiality. The vulnerability requires the attacker to have the ability to insert data into the database, which may be possible through misconfigurations or compromised credentials. No authentication bypass is indicated, but the attack vector relies on the backup restore functionality processing malicious data. There are no known public exploits or patches at the time of publication, and the CVSS score has not been assigned. The vulnerability highlights the risk of insufficient input validation and improper sandboxing during backup restoration in database-driven applications.

Potential Impact

For European organizations, this vulnerability could lead to unauthorized file modifications or overwrites on systems running vulnerable Weaviate OSS instances. This may result in data corruption, privilege escalation if critical system files are overwritten, or disruption of services relying on Weaviate. Confidentiality could be compromised if sensitive files are overwritten or replaced with malicious content. Integrity is directly impacted as attackers can alter files arbitrarily within the application's privilege scope. Availability could be affected if essential files are corrupted, causing service outages. Organizations using Weaviate for critical data management or AI-driven applications may face operational disruptions. The impact is heightened in environments where database insert permissions are widely granted or where backup restore operations are automated without strict validation. Given the lack of known exploits, the immediate risk is moderate, but the potential for damage is significant if exploited.

Mitigation Recommendations

Organizations should immediately upgrade Weaviate OSS to version 1.33.4 or later once available. Until patches are applied, restrict database insert permissions to trusted users only, minimizing the risk of malicious data insertion. Implement strict input validation and sanitization on data that can influence backup contents. Review and harden backup restore procedures to ensure they do not process entries with absolute or traversal paths. Employ file system monitoring to detect unauthorized file creations or modifications during restore operations. Use application sandboxing or run Weaviate with least privilege to limit the scope of file system access. Regularly audit backup data for suspicious entries before restoration. Additionally, consider isolating backup restore environments from production systems to contain potential damage.
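The restore-path check and pre-restore audit recommended above can be sketched as follows. This is an added example, not Weaviate's code or its fix; the names `SafeJoin`, `AuditEntries` and `ErrUnsafeEntry`, the restore root and the sample entry names are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrUnsafeEntry = errors.New("unsafe backup entry name")

// SafeJoin maps a backup entry name to a path below root, or rejects it.
func SafeJoin(root, name string) (string, error) {
	if name == "" || strings.ContainsRune(name, 0) {
		return "", fmt.Errorf("%w: empty or contains NUL: %q", ErrUnsafeEntry, name)
	}
	// Backslashes count as separators so Windows-style names are caught on any OS.
	norm := strings.ReplaceAll(name, `\`, "/")
	if strings.HasPrefix(norm, "/") || filepath.IsAbs(name) || filepath.VolumeName(name) != "" {
		return "", fmt.Errorf("%w: absolute path: %q", ErrUnsafeEntry, name)
	}
	// Stricter than required: any ".." segment is refused, even a harmless one.
	for _, seg := range strings.Split(norm, "/") {
		if seg == ".." {
			return "", fmt.Errorf("%w: parent traversal: %q", ErrUnsafeEntry, name)
		}
	}
	dest := filepath.Join(root, filepath.FromSlash(norm))
	rel, err := filepath.Rel(root, dest) // defence in depth: dest must stay below root
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: escapes restore root: %q", ErrUnsafeEntry, name)
	}
	return dest, nil
}

// AuditEntries returns the entry names that would be refused at restore time.
func AuditEntries(root string, names []string) []string {
	var rejected []string
	for _, n := range names {
		if _, err := SafeJoin(root, n); err != nil {
			rejected = append(rejected, n)
		}
	}
	return rejected
}

func main() {
	// Constructed sample entry names, not taken from a real Weaviate backup.
	fmt.Println(AuditEntries("/var/lib/restore", []string{"a/b.db", "/etc/example.conf", "../../tmp/x"}))
}
```

The check is lexical only: it does not resolve symbolic links that already exist under the restore root, so a restore routine should also refuse to write through them.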


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-12T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 693c45b972d8eb03a613ec4a

Added to database: 12/12/2025, 4:41:29 PM

Last enriched: 12/12/2025, 4:42:46 PM

Last updated: 12/15/2025, 4:13:35 AM
