Primary

Context

CVAT File Overwrite Vulnerability for Users with Global Role

Vulnerability

Patched

A vulnerability in CVAT (Computer Vision Annotation Tool) versions 2.4.0 through 2.48.1 allows malicious users with at least the User global role to create or overwrite files in the root of a mounted file share. If no file share is mounted, the user can write files to the share directory of the import worker container, potentially consuming available disk space.

Impact

Exploitation of this vulnerability could lead to unauthorized file creation or modification, with potential disruption of disk space availability.

Remediation

Users are advised to update CVAT to version 2.49.0 or later.

Added: Nov 8, 2025, 12:20 AM

Updated: Nov 8, 2025, 12:20 AM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.3

exploitability

5.9

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.3

exploitability

5.9

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CVAT File Overwrite Vulnerability for Users with Global Role

Vulnerability

Impact

Remediation

Affected Products

CVAT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating