CVE-2022-25882

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"

Las versiones del paquete onnx anteriores a la 1.13.0 son vulnerables a Directory Traversal ya que el campo external_data del tensor proto puede tener una ruta al archivo que está fuera del directorio actual del modelo o del directorio proporcionado por el usuario, por ejemplo "../.. /../etc/contraseña"

*Credits: jnovikov

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-02-24 CVE Reserved
2023-01-25 CVE Published
2025-03-30 EPSS Updated
2025-04-01 CVE Updated
2025-04-01 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (6)

URL	Tag	Source
https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129	Broken Link

URL	Date	SRC
https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856	2025-04-01
https://github.com/onnx/onnx/issues/3991	2025-04-01
https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479	2025-04-01

URL	Date	SRC
https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d	2023-11-07
https://github.com/onnx/onnx/pull/4400	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linuxfoundation Search vendor "Linuxfoundation"		Onnx Search vendor "Linuxfoundation" for product "Onnx"				< 1.13.0 Search vendor "Linuxfoundation" for product "Onnx" and version " < 1.13.0"		-		Affected