HIGH · CVE-2025-10951 · CVSS 7.3

CVE-2025-10951: Path Traversal in ml-logger

Platform

python

Component

ml-logger

Fixed in

255.0.1

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2025-10951 describes a Path Traversal vulnerability discovered in geyang ml-logger. This flaw allows attackers to potentially access sensitive files and directories on the server. The vulnerability affects versions of ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743, and a fix is available in version 255.0.1.


Impact and Attack Scenarios

The Path Traversal vulnerability in ml-logger allows an attacker to manipulate the 'File' argument within the loghandler function of mllogger/server.py. This manipulation can lead to the attacker gaining access to files outside of the intended directory, potentially exposing sensitive data such as configuration files, source code, or even system files. Given the remote accessibility of this vulnerability, an attacker could exploit it without requiring local access to the system. The availability of a public exploit significantly increases the risk of exploitation.

Exploitation Context

A public proof-of-concept for CVE-2025-10951 is available, indicating a higher probability of exploitation. The vulnerability was disclosed on 2025-09-25. The CVSS score is 7.3 (HIGH), reflecting the potential for significant impact. It is recommended to prioritize remediation due to the public exploit and the ease of remote exploitation.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.06% (18% percentile)

CISA SSVC

Exploitation: poc
Automatable: yes
Technical Impact: partial

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base score: 7.3 (HIGH)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: Low (risk of sensitive data exposure)
Integrity: Low (risk of unauthorized data modification)
Availability: Low (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
Low — partial or intermittent denial of service. Attacker can degrade performance.

Affected Software

Component: ml-logger
Vendor: geyang
Affected range: acf255bade5be6ad88d90735c8367b28cbe3a743 – acf255bade5be6ad88d90735c8367b28cbe3a743
Fixed in: 255.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-10951 is to upgrade to version 255.0.1 or later of ml-logger. Since ml-logger uses a rolling release model, precise version details are not always available. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious path traversal attempts (e.g., '../' sequences); treat such a rule as a stopgap only, since a pattern match on the literal string does not cover encoded forms of the same sequence, and the authoritative check belongs where the path is actually resolved. Additionally, restrict access to the ml_logger/server.py endpoint and validate any user-supplied input related to file paths against the directory the server is meant to serve. After upgrading, confirm the fix by testing that requests containing traversal sequences are rejected rather than served.
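The input validation the mitigation above calls for, confining a client-supplied file name to the server's data directory, can be implemented as follows. This is an added example written for this page, not ml-logger's own code: the root directory, the function names (`safe_join`, `is_allowed`, `demo`) and the sample request values are assumptions, and the check is shown generically rather than tied to the project's handler.

```python
"""Added example (not ml-logger's code): resolve a client-supplied file name
inside a fixed root directory and refuse anything that escapes it.

Works against the path after normalisation and symlink resolution, so the
decision does not depend on spotting a literal '../' in the request text.
"""
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the allowed root."""


def safe_join(root, user_path: str) -> Path:
    """Return the resolved path for ``user_path`` under ``root``.

    Rejects empty and absolute inputs up front, then resolves the joined path
    (collapsing '..' and following symlinks) and requires the result to be the
    root itself or one of its descendants. ``root`` is resolved the same way so
    both sides of the comparison use canonical form.
    """
    root_real = Path(root).resolve()
    if not user_path or user_path.startswith(("/", "\\")) or Path(user_path).is_absolute():
        raise PathTraversalError(f"absolute or empty path refused: {user_path!r}")
    try:
        # Non-strict resolve() normalises even paths that do not exist yet.
        candidate = (root_real / user_path).resolve()
    except ValueError as exc:  # e.g. an embedded NUL byte in the request
        raise PathTraversalError(f"unresolvable path refused: {user_path!r}") from exc
    if candidate != root_real and root_real not in candidate.parents:
        raise PathTraversalError(f"path escapes {root_real}: {user_path!r}")
    return candidate


def is_allowed(root, user_path: str) -> bool:
    """Boolean form of safe_join for request filtering and logging."""
    try:
        safe_join(root, user_path)
        return True
    except PathTraversalError:
        return False


# Constructed sample of 'File' values a log server might receive (hypothetical;
# not taken from any real request log). Legitimate names stay under the root,
# the rest try to leave it in the usual ways.
SAMPLE_REQUESTS = [
    "runs/exp1/metrics.log",   # ordinary relative name: allowed
    "runs/../metrics.log",     # '..' that stays inside the root: allowed
    "../../etc/passwd",        # climbs out of the root: refused
    "runs/../../escape.txt",   # climbs out after a valid prefix: refused
    "/etc/passwd",             # absolute path: refused
    "",                        # empty name: refused
]


def demo(root: str = "/srv/ml-logger-data") -> dict:
    """Map each constructed request to whether the check admits it."""
    return {req: is_allowed(root, req) for req in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for req, ok in demo().items():
        print(f"{'ALLOW' if ok else 'REFUSE':6} {req!r}")
```

The containment test runs on the resolved path, so symlinks inside the root that point elsewhere are also caught, which a text filter on the request cannot do; pairing this with an access restriction on the endpoint, as the mitigation above recommends, covers both the exposure and the input.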

How to fix

Update the ml-logger library to a version later than acf255bade5be6ad88d90735c8367b28cbe3a743. If no such version is available, review the code of the log_handler function in server.py and fix the path traversal vulnerability by validating and sanitizing the input of the File argument.


Frequently asked questions

What is CVE-2025-10951 — Path Traversal in ml-logger?

CVE-2025-10951 is a Path Traversal vulnerability affecting geyang ml-logger versions up to acf255bade5be6ad88d90735c8367b28cbe3a743, allowing attackers to access arbitrary files remotely.

Am I affected by CVE-2025-10951 in ml-logger?

If you are using ml-logger versions prior to 255.0.1, you are potentially affected by this vulnerability. Check your current version against the affected range.

How do I fix CVE-2025-10951 in ml-logger?

Upgrade to ml-logger version 255.0.1 or later to address this vulnerability. Consider WAF rules as a temporary mitigation if upgrading is not immediately possible.

Is CVE-2025-10951 being actively exploited?

A public proof-of-concept exists, indicating a high probability of active exploitation. Prioritize remediation to mitigate the risk.

Where can I find the official ml-logger advisory for CVE-2025-10951?

Refer to the geyang ml-logger project's release notes or security advisories for the official announcement and details regarding this vulnerability.
