Security Advisory

CVE-2025-68430

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-19 17:11:46

Last updated 2025-12-19 17:59:36

Assigner GitHub_M

State PUBLISHED

Description

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of contained files and subdirectories. The contents of files are not accessible. Version 2.53.0 contains a patch. No known workarounds are available.

← Browse all CVEs View on cve.org ↗