Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/16 5:20 p.m.12 views

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

8.7CVSS6.2AI score0.00708EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 5:15 p.m.37 views

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

8.7CVSS0.00708EPSS
Exploits0References2
CVE
CVE
added 2025/02/14 4:50 p.m.73 views

CVE-2025-25295

Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...

8.7CVSS6.3AI score0.00708EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/02/14 3:16 p.m.4 views

berrydb (>=1.0.9 <=1.1.2), datapipe-label-studio-lite (>=0.2.0 <=0.3.3) +2 more potentially affected by CVE-2025-25295 via label-studio-sdk (>=0.0.1 <=0.0.34)

label-studio-sdk PYPI version =0.0.1, =1.0.9, =0.2.0, =0.5.11, =0.0.15, =1.0.0 Source cves: CVE-2025-25295 Source advisory: OSV:GHSA-RGV9-W7JP-M23G...

8.7CVSS5.8AI score0.00708EPSS
Exploits0
Rows per page
Query Builder