QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-64485

Back to search

CVE-2025-64485

Published: Nov 7, 2025

Modified: Nov 10, 2025

PUBLISHED

Description

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the user will be able to create files in the share directory of the import worker container, potentially filling up disk space. This issue is fixed in version 2.49.0.

VendorProductVersions

cvat-ai

cvat

affected
<= 2.4.0, < 2.49.0

Weaknesses (CWE)

CWE-22

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now