Vulnerabilities

CVE-2025-67819

by Fred · 12/12/2025

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable can read arbitrary files accessible to the service process.

More information : https://github.com/weaviate/weaviate

Similar

Tags: Cybersecurity Alert