Cyber Posture

CVE-2025-51480

High · Public PoC

Published: 22 July 2025

Modified: 08 October 2025
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-51480 is a high-severity Path Traversal (CWE-22) vulnerability in Linux Foundation ONNX. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485). The CVE ranks at the 31.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data Destruction (T1485) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the path traversal vulnerability by identifying, reporting, and applying available patches for ONNX 1.17.0 as detailed in GHSA-6rq9-53c3-f7vj and related pull requests.

prevent

Requires validation of external_data.location paths from untrusted ONNX model inputs to block traversal sequences like '../' that bypass directory restrictions.

prevent

Enforces file system access controls to restrict the ONNX process from writing to arbitrary locations outside intended directories.
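
The input-validation control above, as an added example (not code from the ONNX project or its patches): a check that an `external_data.location` value stays inside the model's directory before anything is written. The names `resolve_external_path`, `audit` and `UnsafeLocation` are hypothetical, and the sample locations are constructed.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath

class UnsafeLocation(ValueError):
    """The location would resolve outside the model's directory."""

def resolve_external_path(base_dir, location):
    """Return the absolute write path for `location` under `base_dir`, or raise."""
    if not location or "\x00" in location:
        raise UnsafeLocation(f"empty or NUL in location: {location!r}")
    # Absolute paths, drive letters and UNC prefixes are rejected in both POSIX
    # and Windows syntax, so the verdict does not depend on the checking host.
    if PurePosixPath(location).anchor or PureWindowsPath(location).anchor:
        raise UnsafeLocation(f"absolute location: {location!r}")
    # Strict policy: refuse any ".." component, with either separator.
    if ".." in location.replace("\\", "/").split("/"):
        raise UnsafeLocation(f"traversal component in location: {location!r}")
    base = Path(base_dir).resolve()
    # resolve() follows symlinks that already exist under base_dir, so a link
    # pointing outside the directory is caught by the containment test.
    target = (base / location).resolve()
    if target == base or not target.is_relative_to(base):  # Python 3.9+
        raise UnsafeLocation(f"location escapes {base}: {location!r}")
    return target

def audit(base_dir, locations):
    """Map each location to True (accepted) or False (rejected)."""
    verdicts = {}
    for loc in locations:
        try:
            resolve_external_path(base_dir, loc)
            verdicts[loc] = True
        except UnsafeLocation:
            verdicts[loc] = False
    return verdicts

# Constructed sample values, not taken from the advisory or any real model.
CONSTRUCTED_LOCATIONS = [
    "weights/layer0.bin",
    "../outside.bin",
    "weights/../../outside.bin",
    "/tmp/outside.bin",
    "C:\\Temp\\outside.bin",
]

if __name__ == "__main__":
    for loc, ok in audit("model_dir", CONSTRUCTED_LOCATIONS).items():
        print("accept" if ok else "reject", repr(loc))
```

The check covers the path as it exists at validation time; a symlink created between the check and the write is not covered, which is where the file system access restriction listed above still applies.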

MITRE ATT&CK Enterprise Techniques

T1485 · Data Destruction · Tactic: Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

T1486 · Data Encrypted for Impact · Tactic: Impact
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.

T1565.001 · Stored Data Manipulation · Tactic: Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

Path traversal enables direct arbitrary file overwrite, facilitating data destruction, encryption for impact, and stored data manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

Deeper analysis

CVE-2025-51480 is a path traversal vulnerability affecting ONNX version 1.17.0, specifically in the onnx.external_data_helper.save_external_data function. Attackers can exploit it by supplying crafted external_data.location paths containing traversal sequences, which bypass intended directory restrictions and enable overwriting of arbitrary files. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-22; it was published on 2025-07-22.

The vulnerability can be exploited by remote attackers requiring no privileges, but it demands user interaction, such as convincing a victim to load or process a malicious ONNX model file. Successful exploitation allows arbitrary file overwrites on the target system, resulting in high impacts to confidentiality, integrity, and availability, depending on the overwritten files' locations and privileges of the affected process.

Advisories and patches are detailed in the GitHub security advisory GHSA-6rq9-53c3-f7vj, the ONNX repository, and pull requests #6959 and #7040, which address the issue. Further analysis appears in a Gecko Security blog post at https://www.gecko.security/blog/cve-2025-51480. Security practitioners should apply these updates to mitigate risks in ONNX deployments.

ONNX serves as an open format for machine learning model interoperability, heightening the vulnerability's relevance to AI/ML pipelines involving external data handling. No details on real-world exploitation are available in the provided information.

Details

CWE(s)

Affected Products

Vendor: linuxfoundation · Product: onnx · Version: 1.17.0

CVEs Like This One

CVE-2026-34445 · Same product: Linux Foundation ONNX
CVE-2026-27489 · Same product: Linux Foundation ONNX
CVE-2026-28500 · Same product: Linux Foundation ONNX
CVE-2026-27969 · Same vendor: Linux Foundation
CVE-2026-33211 · Same vendor: Linux Foundation
CVE-2026-35167 · Same vendor: Linux Foundation
CVE-2025-59352 · Same vendor: Linux Foundation
CVE-2025-40889 · Shared CWE-22
CVE-2025-69194 · Shared CWE-22
CVE-2026-41383 · Shared CWE-22
