Path Traversal in Humansignal Label-studio

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and Y…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (32.2th percentile) — read the EPSS interpretation.

Affected products

Humansignal Label-studio — versions < 1.0.10

Weakness classification (CWE)

References

https://github.com/HumanSignal/label-studio/security/advisories/GHSA-rgv9-w7jp-m23g (x_refsource_CONFIRM)
https://github.com/HumanSignal/label-studio-sdk/commit/4a9715c6b0b619371e89c09ea8d1c86ce5c880df (x_refsource_MISC)