Security Advisory

CVE-2025-67819

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-12 00:00:00
Last updated 2025-12-12 19:14:30
Assigner mitre
State PUBLISHED

Description

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessible to the service process.
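The missing check described above is containment of a client-supplied file name within the shard's own directory. The following is an added example, not Weaviate's code or its actual fix; `resolveShardFile`, `within`, `ErrOutsideShard` and the idea of a single shard root directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrOutsideShard = errors.New("file name resolves outside the shard directory")

// within reports whether cleaned path p lies strictly below root.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != "." && rel != ".." &&
		!strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveShardFile (hypothetical helper, not Weaviate's code) maps a
// client-supplied fileName to a path that stays inside shardRoot.
func resolveShardFile(shardRoot, fileName string) (string, error) {
	if fileName == "" || filepath.IsAbs(fileName) {
		return "", ErrOutsideShard
	}
	root, err := filepath.EvalSymlinks(shardRoot)
	if err != nil {
		return "", err
	}
	// Join cleans the path, so "../" segments are collapsed before the check.
	candidate := filepath.Join(root, fileName)
	if !within(root, candidate) {
		return "", ErrOutsideShard
	}
	// Resolve symlinks so a link stored inside the shard cannot point outside it.
	resolved, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if !within(root, resolved) {
		return "", ErrOutsideShard
	}
	return resolved, nil
}

func main() {
	// Constructed input: a parent-relative name checked against the working directory.
	_, err := resolveShardFile(".", "../outside.txt")
	fmt.Println(err)
}
```

A handler using such a check should open the returned path rather than the original name, and treat `ErrOutsideShard` as a request worth logging.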