CVE-2025-25295
Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...