CVE-2025-68430
MEDIUMDescription
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of contained files and subdirectories. The contents of files are not accessible. Version 2.53.0 contains a patch. No known workarounds are available.
Is your site exposed to CVE-2025-68430?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cvat | computer_vision_annotation_tool |
References
Frequently Asked Questions
What is CVE-2025-68430? +
How severe is CVE-2025-68430? +
What products are affected by CVE-2025-68430? +
How do I check if I'm vulnerable to CVE-2025-68430? +
Related Vulnerabilities
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template …
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the …
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs …
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, …
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. …
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller …