Cyber Resilience

CVE-2022-25882

Severity: High · Public PoC
Published: 26 January 2023
Modified: 01 April 2025
KEV Added: not listed
Patch: fixed in 1.13.0 (see Deeper analysis)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0583 (90.7th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-25882 is a high-severity Path Traversal (CWE-22) vulnerability in ONNX (Linux Foundation). Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 9.3% of CVEs by exploit likelihood (EPSS 90.7th percentile); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

Versions of the ONNX package before 1.13.0 contain a directory traversal vulnerability in the handling of the external_data field of tensor proto structures. The field carries the location of a tensor's data as a path relative to the model, and an attacker-supplied value such as "../../../etc/passwd" resolves to a file outside the model directory or any user-specified base directory, so the loader reads arbitrary filesystem content. The issue is tracked as CWE-22 and carries a CVSS 3.1 score of 7.5, reflecting a network attack vector, low attack complexity, and no required privileges or user interaction.

An unauthenticated remote attacker can supply a malicious ONNX model file that triggers the flaw when the model is loaded or validated, resulting in disclosure of sensitive files on the host with high confidentiality impact but no direct integrity or availability effect.

References point to a fix merged in commit f369b0e and pull request 4400 that addresses the path validation logic in checker.cc, with the corrected behavior shipping in version 1.13.0. The associated GitHub issue 3991 and proof-of-concept gist further document the traversal vector and the scope of the remediation.

ONNX is widely used in machine-learning pipelines for model interchange, so the vulnerability sits in an AI/ML context in which models are routinely downloaded from third parties and loaded without inspection. The EPSS score has remained stable: a low absolute probability (current value 0.0583, peak 0.0602) that is nonetheless a high relative rank.

Vulnerability details

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd".

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linuxfoundation
onnx
< 1.13.0 (1.13.0 contains the fix)

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-22: validates pathnames and filenames so that the resolved path cannot leave the intended directory.
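The check that the page describes the fix as adding to checker.cc, and that the CWE-22 control above calls for, reconstructed here as an added, stand-alone Python example (it is not ONNX's own code and does not use the onnx package): it takes a TensorProto-style external_data entry list, reads the "location" entry, resolves it against the model directory, and rejects anything that escapes it. The sample tensors, the model directory /srv/models/demo, and the function names are constructed for the example. Beyond the lexical check the page describes, the example also follows symlinks, so a link placed inside the model directory cannot point outside it; whether ONNX's own checker does this is not stated on the page.

```python
import os
import tempfile

# Constructed model directory for the example; it need not exist on disk.
MODEL_DIR = "/srv/models/demo"

# Constructed tensors in the shape of ONNX TensorProto.external_data: a list of
# key/value entries where key "location" holds the path relative to the model
# directory. Plain dicts stand in for the protobuf messages so this runs offline.
SAMPLE_TENSORS = {
    "ok_relative":  [{"key": "location", "value": "weights.bin"},
                     {"key": "offset", "value": "0"}],
    "ok_subdir":    [{"key": "location", "value": "data/../weights.bin"}],
    "traversal":    [{"key": "location", "value": "../../../etc/passwd"}],
    "absolute":     [{"key": "location", "value": "/etc/passwd"}],
    "mixed_escape": [{"key": "location", "value": "data/../../outside.bin"}],
}


class ExternalDataError(ValueError):
    """Raised when an external_data location is missing or escapes the model directory."""


def external_data_location(external_data):
    """Return the 'location' value from an external_data entry list."""
    for entry in external_data:
        if entry["key"] == "location":
            return entry["value"]
    raise ExternalDataError("external_data has no 'location' entry")


def resolve_external_data(location, model_dir, follow_symlinks=True):
    """Resolve location inside model_dir and return the absolute path, or raise.

    Two checks are applied: a lexical one (normpath collapses '..' segments, so
    'data/../weights.bin' is accepted while '../../../etc/passwd' is not) and,
    when follow_symlinks is True, a physical one that also rejects a path whose
    symlinks lead outside model_dir.
    """
    if os.path.isabs(location):
        raise ExternalDataError(f"absolute external_data path rejected: {location!r}")
    base = os.path.realpath(model_dir)
    candidate = os.path.normpath(os.path.join(base, location))
    if os.path.commonpath([base, candidate]) != base:
        raise ExternalDataError(f"path escapes model directory: {location!r}")
    if follow_symlinks and os.path.commonpath([base, os.path.realpath(candidate)]) != base:
        raise ExternalDataError(f"path escapes model directory via symlink: {location!r}")
    return candidate


def check_tensors(tensors, model_dir):
    """Classify each tensor's external_data location as 'accepted' or 'rejected'."""
    results = {}
    for name, external_data in tensors.items():
        try:
            resolve_external_data(external_data_location(external_data), model_dir)
            results[name] = "accepted"
        except ExternalDataError:
            results[name] = "rejected"
    return results


def _outcome(fn):
    try:
        fn()
        return "accepted"
    except ExternalDataError:
        return "rejected"


def symlink_escape_demo():
    """Show the gap between the lexical and physical checks.

    Creates model/weights.bin as a symlink to a file outside the model
    directory; the lexical check accepts it, the physical check rejects it.
    Returns (lexical, physical), or None where symlinks cannot be created.
    """
    with tempfile.TemporaryDirectory() as tmp:
        model_dir = os.path.join(tmp, "model")
        outside = os.path.join(tmp, "secret.bin")
        os.mkdir(model_dir)
        with open(outside, "wb") as f:
            f.write(b"constructed secret outside the model directory")
        try:
            os.symlink(outside, os.path.join(model_dir, "weights.bin"))
        except (OSError, NotImplementedError):
            return None
        lexical = _outcome(lambda: resolve_external_data("weights.bin", model_dir, follow_symlinks=False))
        physical = _outcome(lambda: resolve_external_data("weights.bin", model_dir))
        return lexical, physical


if __name__ == "__main__":
    for name, verdict in check_tensors(SAMPLE_TENSORS, MODEL_DIR).items():
        print(f"{name:12s} {verdict}")
    print("symlink demo:", symlink_escape_demo())
```

The lexical check alone is what stops the "../../../etc/passwd" vector from the advisory; the symlink check matters when the model directory is writable by the same party that supplies the model (a shared download cache, for example), since a link named weights.bin defeats string normalisation entirely. In a real loader this check belongs before any read of the external file, i.e. before the data is handed to the tensor.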
