HIGH🇵🇱 Wersja polska

CVE-2025-23045

CVSS 8.7v4.0pub. 2025-01-28upd. 2025-09-16

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run any of the serverless functions of type tracker from the CVAT Git repository, namely TransT and SiamMask. Deployments with custom functions of type tracker may also be affected, depending on how they handle state serialization. If a function uses an unsafe serialization library such as pickle or jsonpickle, it's likely to be vulnerable. Upgrade to CVAT 2.26.0 or later. If you are unable to upgrade, shut down any instances of the TransT or SiamMask functions you're running.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Cvat Computer Vision Annotation Tool

    APP
    Cvat
    1.1.0 – 2.26.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
ContainerDeserialization
CWE
References

Related vulnerabilities

CVE-2021-45046CRITICAL9.0⚠ KEVten sam produkt

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...

CVE-2026-23516HIGH8.6ten sam produkt

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 thro...

CVE-2026-23526HIGH8.5ten sam produkt

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 thro...

CVE-2024-37164HIGH7.1ten sam produkt

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. ...

CVE-2024-37306HIGH7.1ten sam produkt

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. ...