Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-51480

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

Published

2025-07-22T16:15:30.660

Last Modified

2025-10-08T13:11:30.883

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	onnx	1.17.0	Yes

References

https://github.com/advisories/GHSA-6rq9-53c3-f7vj Not Applicable ([email protected])
https://github.com/onnx/onnx Product ([email protected])
https://github.com/onnx/onnx/pull/6959 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/onnx/onnx/pull/7040 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
https://www.gecko.security/blog/cve-2025-51480 Exploit, Third Party Advisory ([email protected])