CVE-2025-0851— Path traversal issue in Deep Java Library
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-0851
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal issue in Deep Java Library
Source: NVD (National Vulnerability Database)
Vulnerability Description
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
绝对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Deep Java Library 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Deep Java Library是Deep Java Library开源的一个开源、高级、与引擎无关的深度学习 Java 框架。 Deep Java Library 0.31.1之前版本存在安全漏洞,该漏洞源于ZipUtils.unzip和TarUtils.untar中存在路径遍历问题,允许恶意行为者将文件写入任意位置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AWS | DeepJavaLibrary | 0.1.0 ~ 0.31.1 | - |
II. Public POCs for CVE-2025-0851
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/skrkcb2/CVE-2025-0851 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-0851
请登录查看更多情报信息。
- Path traversal issue in Deep Java Library - (CVE-2025-0851)vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-0851
IV. Related Vulnerabilities
Same vendor: AWS
- CVE-2026-7461
OS Command Injection in Amazon ECS Agent via FSx Windows Fil - CVE-2026-7426
Out-of-Bounds Write via Unsanitized Prefix Length in Router - CVE-2026-7425
Out-of-Bounds Read in Router Advertisement Option Parser in - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-
Same weakness: CWE-36
- CVE-2026-6418
PaperCut NG/MF: Path Traversal in Shared Account Synchroniza - CVE-2026-44029
Nix 安全漏洞 - CVE-2026-7217
Deepractice PromptX Document File index.ts read_pdf absolute - CVE-2026-34515
AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in - CVE-2026-4373
JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File R
V. Comments for CVE-2025-0851
No comments yet