CVE-2025-67818: n/a
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.
AI Analysis
Technical Summary
CVE-2025-67818 is a directory traversal vulnerability identified in Weaviate OSS prior to version 1.33.4. The flaw arises during the backup restoration process, where the application fails to properly sanitize or validate entry names inserted into the database. An attacker who can insert data entries can craft names containing absolute paths (e.g., /etc/passwd) or parent directory traversal sequences (../../..) to break out of the designated restore root directory. When the backup is restored, these malicious entries cause files to be created or overwritten outside the intended directory, limited only by the application's operating system privileges. This vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The CVSS v3.1 base score is 7.2, indicating high severity, with a network attack vector, low attack complexity, high privileges required (database insert rights), no user interaction, and impact on confidentiality, integrity, and availability. Although no exploits have been reported in the wild, the potential for critical system compromise exists if the flaw is exploited. The vulnerability highlights the importance of input validation and strict privilege separation in backup and restore functionality.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to those using Weaviate OSS in production environments for critical data management or AI-driven applications. Exploitation could lead to unauthorized modification or destruction of system files, potentially causing service outages, data breaches, or persistent backdoors. Confidentiality is at risk if sensitive files are overwritten or malicious files are planted to exfiltrate data. Integrity is compromised by unauthorized file modifications, and availability could be disrupted by overwriting essential system or application files. Organizations in sectors such as finance, healthcare, and government, which rely on Weaviate OSS for data indexing or AI services, could face operational disruptions and regulatory consequences under GDPR if data integrity or confidentiality is breached. The requirement for authenticated access reduces exposure, but insider threats or compromised credentials could enable exploitation.
Mitigation Recommendations
Organizations should immediately upgrade Weaviate OSS to version 1.33.4 or later, in which this vulnerability is patched. Until patching is possible, restrict database insert permissions to trusted users only and monitor for unusual backup restore activity. Implement strict input validation and sanitization on data entries, especially those used in backup and restore processes. Employ application-level access controls to limit who can perform backup restorations. Use file system permissions to restrict the application's ability to write outside designated directories. Conduct regular audits of backup and restore operations and verify integrity post-restore. Additionally, implement network segmentation and monitoring to detect anomalous behavior indicative of exploitation attempts. Finally, maintain an incident response plan tailored to potential file system compromise scenarios.
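The check that the Technical Summary describes as missing and that the Mitigation Recommendations call for, as an added Go example that is not Weaviate's own code: before a restore routine writes a backup entry, it resolves the entry name against the restore root and refuses absolute names and `..` traversal. The root directory and entry names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeEntry is returned when a backup entry name would resolve outside the restore root.
var ErrUnsafeEntry = errors.New("backup entry name escapes the restore root")

// SafeRestorePath maps an entry name taken from a backup to an absolute path under root,
// or returns ErrUnsafeEntry when the name is empty, absolute, or climbs above root via "..".
// Pre-existing symlinks under root are not resolved here and would need a separate check.
func SafeRestorePath(root, entry string) (string, error) {
	// Absolute names ("/etc/passwd"; "\..." or "C:\..." on Windows) are rejected outright
	// rather than silently re-rooted, so the bad entry surfaces in logs instead of being hidden.
	if entry == "" || strings.ContainsRune(entry, 0) || filepath.IsAbs(entry) ||
		strings.HasPrefix(entry, "/") || strings.HasPrefix(entry, `\`) {
		return "", ErrUnsafeEntry
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "Article/../../x" collapses to one level above root.
	candidate := filepath.Join(absRoot, entry)
	// Rel yields ".." or "../..." for anything outside root. A plain string-prefix test on
	// absRoot would be fooled by a sibling directory such as "/var/lib/weaviate/restore-other".
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeEntry
	}
	return candidate, nil
}

func main() {
	root := "/var/lib/weaviate/restore" // constructed example root, not a real Weaviate path
	for _, e := range []string{
		"Article/shard-1/segment.db", // ordinary entry: accepted
		"/etc/passwd",                // absolute path of the kind named in the advisory: rejected
		"../../../etc/cron.d/job",    // parent directory traversal: rejected
	} {
		p, err := SafeRestorePath(root, e)
		fmt.Printf("%-28q -> %q %v\n", e, p, err)
	}
}
```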
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-12T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 693c45b972d8eb03a613ec4a
Added to database: 12/12/2025, 4:41:29 PM
Last enriched: 12/19/2025, 5:44:28 PM
Last updated: 2/7/2026, 1:09:23 PM