← back
CVE-2025-0851

Path traversal issue in Deep Java Library

CVSS 9.3 CRITICALEPSS 23.0%CWE-36CWE-73
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
AWS · DeepJavaLibrary
public PoCs found1
githubgithub.com/skrkcb2/CVE-2025-08511
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-003/https://github.com/deepjavalibrary/djl/releases/tag/v0.31.1https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg