CVE-2025-64712

CRITICAL
2026-02-04 [email protected] GHSA-gm8q-m8mv-jj5m
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch Released
Feb 27, 2026 - 20:30 nvd
Patch available
CVE Published
Feb 04, 2026 - 18:16 nvd
CRITICAL 9.8

Tags

Path Traversal Unstructured

Description

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.

Analysis

The unstructured Python library for document ingestion has a path traversal vulnerability allowing arbitrary file read/write during document processing.

Technical Context

The unstructured library has a CWE-22 path traversal vulnerability that allows attackers to read or write arbitrary files on the server when processing crafted documents.

Affected Products

['unstructured Python library (before patch)']

Remediation

Update the unstructured library. Validate file paths during document processing.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0

Share

CVE-2025-64712 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy