CVE-2022-25882
Published: 26 January 2023
Summary
CVE-2022-25882 is a high-severity Path Traversal (CWE-22) vulnerability in Linuxfoundation Onnx. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 9.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Versions of the ONNX package before 1.13.0 contain a directory traversal vulnerability in the handling of the external_data field within tensor proto structures. An attacker-supplied path such as "../../../etc/passwd" can reference files outside the model directory or any user-specified location, enabling unauthorized access to arbitrary filesystem content. The issue is tracked as CWE-22 and carries a CVSS 3.1 score of 7.5 reflecting network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can supply a malicious ONNX model file that triggers the flaw during loading or validation, resulting in disclosure of sensitive files on the host system with high confidentiality impact but no direct integrity or availability effects.
References point to a fix merged in commit f369b0e and pull request 4400 that addresses the path validation logic in checker.cc, with the corrected behavior shipping in version 1.13.0. The associated GitHub issue 3991 and proof-of-concept gist further document the traversal vector and the scope of the remediation.
ONNX is widely used in machine-learning pipelines for model interchange, placing the vulnerability in an AI/ML context; EPSS scores have remained low and stable with a current value of 0.0583 against a peak of 0.0602.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-0183
Vulnerability details
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.