CVE-2025-64712
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
描述
A Path Traversal vulnerability in the `partition_msg` function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. ## Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal sequences (e.g., `../../../etc/cron.d/malicious`). When processed with `process_attachments=True`, the library writes the attachment to an attacker-controlled path, potentially leading to: - Arbitrary file overwrite - Remote code execution (via overwriting configuration files, cron jobs, or Python packages) - Data corruption - Denial of service ## Affected Functionality The vulnerability affects the MSG file partitioning functionality when `process_attachments=True` is enabled. ## Vulnerability Details The library does not sanitize attachment filenames in MSG files before using them in file write operations, allowing directory traversal sequences to escape the intended output directory. ## Workarounds Until patched, users can: - Set `process_attachments=False` when processing untrusted MSG files - Avoid processing MSG files from untrusted sources - Implement additional filename validation before processing
如何修補 CVE-2025-64712
要修補 CVE-2025-64712,請將受影響套件升級到下列已修補版本。
- —升級至 0.18.18 或更新版本
CVE-2025-64712 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 0.18.18
CVSS 分數
| 來源 |
|---|