CVE-2025-64485
CVE-2025-64485 affects CVAT versions 2.4.0–2.48.1. A user with at least the User global role can create files in the root of a mounted file share or overwrite files there; if no share is mounted, files may be created in the import worker container’s share directory, potentially exhausting disk sp...