4 matches found
CVE-2025-25295
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2025-25295
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2025-25295
Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...
berrydb (>=1.0.9 <=1.1.2), datapipe-label-studio-lite (>=0.2.0 <=0.3.3) +2 more potentially affected by CVE-2025-25295 via label-studio-sdk (>=0.0.1 <=0.0.34)
label-studio-sdk PYPI version =0.0.1, =1.0.9, =0.2.0, =0.5.11, =0.0.15, =1.0.0 Source cves: CVE-2025-25295 Source advisory: OSV:GHSA-RGV9-W7JP-M23G...