Vulnerability in Cvat-ai Cvat
CVE-2025-68430
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessib…
EPSS: 0.001 (19.5th percentile)
Affected products
- Cvat-ai Cvat — versions >= 2.8.1, < 2.53.0
Weakness classification (CWE)
References
- https://github.com/cvat-ai/cvat/security/advisories/GHSA-3g7v-xjh7-xmqx (x_refsource_CONFIRM)
- https://github.com/cvat-ai/cvat/commit/2c24ef0c3f8fd94f6c71cff4eafcf11bfcaa5f91 (x_refsource_MISC)