Cyber Posture

CVE-2025-0851

Critical

Published: 29 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: DJL v0.31.1
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.4369 (97.5th percentile)
Risk Priority: 46 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0851 is a critical-severity Absolute Path Traversal (CWE-36) vulnerability in the Deep Java Library (DJL); the vendor, Amazon, is inferred from the references. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 2.5% of CVEs by exploit likelihood (EPSS 0.4369); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Ingress Tool Transfer (T1105) and one other technique, Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent (SI-2, Flaw Remediation)

Directly remediates the path traversal vulnerability by requiring timely patching of DJL to version v0.31.1 as specified in the security advisory.

prevent (SI-10, Information Input Validation)

Enforces validation of file paths in ZIP and TAR archives processed by DJL's extraction utilities to block traversal to arbitrary filesystem locations.

prevent

Imposes restrictions on the structure and content of inputs to archive extraction functions, preventing path traversal sequences like '../' from being processed.

MITRE ATT&CK Enterprise Techniques [AI]

T1105 Ingress Tool Transfer (Command and Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary file write via a malicious archive directly enables ingress of attacker-controlled files (T1105); remote, unauthenticated exploitation of a library embedded in an application maps to exploitation of a public-facing application (T1190).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

Deeper analysis [AI]

CVE-2025-0851 is a path traversal vulnerability in the ZipUtils.unzip and TarUtils.untar functions of the Deep Java Library (DJL), affecting all platforms. Published on 2025-01-29, this issue (CWE-36, CWE-73) allows a bad actor to write files to arbitrary locations on the filesystem. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact exploitation.

The vulnerability is exploitable remotely by unauthenticated attackers with low complexity and no user interaction required. An attacker can supply a malicious ZIP or TAR archive to any application or service using DJL's extraction utilities, enabling arbitrary file writes. This can result in overwriting critical files, executing code, or disrupting services, achieving high confidentiality, integrity, and availability impacts.

Mitigation is addressed in the DJL GitHub security advisory (GHSA-jcrp-x7w3-ffmg) and release v0.31.1, which patches the issue. AWS security bulletin AWS-2025-003 provides further details on the vulnerability in affected environments. Practitioners should update to DJL v0.31.1 and audit applications processing untrusted archives.

DJL is a Java engine for deep learning model inference and training, which gives this flaw AI/ML relevance: machine learning pipelines that unpack model artifacts or datasets distributed as ZIP/TAR archives through DJL's utilities may expose it without the operators realising that archive contents are untrusted input. No public exploitation has been reported as of publication.
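As an added illustration, not DJL's own code or the fix from release v0.31.1, the following plain-Java ZIP extractor applies the validation that the SI-10 control above describes: each entry name is resolved against the destination directory and rejected if it is absolute (CWE-36) or climbs out of the destination through "../" segments (CWE-73). The same `resolveEntry` check applies unchanged to TAR entry names. The destination path and the sample entry names in `main` are constructed for the demonstration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

/** Hardened ZIP extraction: every entry must land inside destDir. */
public final class SafeUnzip {

    // Resolves an entry name against destDir and returns the target path, or throws
    // if the entry is absolute (CWE-36) or climbs out of destDir with "../" (CWE-73).
    static Path resolveEntry(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        // resolve() returns an absolute entry unchanged (it would replace base), and
        // normalize() collapses "../" segments, so the prefix test below is meaningful.
        Path candidate = base.resolve(entryName).normalize();
        if (!candidate.startsWith(base)) {
            throw new IOException("Rejected archive entry outside destination: " + entryName);
        }
        return candidate;
    }

    public static void unzip(InputStream in, Path destDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry entry; (entry = zis.getNextEntry()) != null; zis.closeEntry()) {
                Path target = resolveEntry(destDir, entry.getName());  // validate before any write
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    public static void main(String[] args) {
        Path dest = Path.of("/tmp/djl-models");  // constructed destination for the demo
        for (String name : new String[] {"model/weights.bin", "../../outside.txt", "/tmp/absolute.txt"}) {
            try {
                System.out.println("accept " + resolveEntry(dest, name));
            } catch (IOException e) {
                System.out.println("reject " + e.getMessage());
            }
        }
    }
}
```

The prefix check covers names inside the archive only; if destDir may already contain symbolic links, resolve the target with `toRealPath()` before writing so a pre-existing link cannot redirect the write elsewhere.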

Details

CWE(s): CWE-36 (Absolute Path Traversal), CWE-73 (External Control of File Name or Path)

Affected Products: Amazon (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-34522 (shared: CWE-73)
CVE-2026-25628 (shared: CWE-73)
CVE-2025-55746 (shared: CWE-73)
CVE-2026-35465 (shared: CWE-36, CWE-73)
CVE-2025-65115 (shared: CWE-73)
CVE-2025-10134 (shared: CWE-73)
CVE-2025-65473 (shared: CWE-73)
CVE-2025-57790 (shared: CWE-36)
CVE-2025-66254 (shared: CWE-73)
CVE-2026-2753 (shared: CWE-36)

References