cvedb.io
CVE-2025-67819
MEDIUM · CVSS 4.9
EPSS exploitation probability: 0%
Published 2025-12-12T17:15:45.697 · Last modified 2026-06-17T09:58:08.260

Summary

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessible to the service process.

Affected products

weaviate — weaviate

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.