Cyber Resilience

CVE-2025-51480

High · Public PoC

Published: 22 July 2025

Modified: 08 October 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0037 (59.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-51480 is a high-severity Path Traversal (CWE-22) vulnerability in Linux Foundation ONNX. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485). The CVE ranks in the top 41.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised under Deep Learning Frameworks, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-51480 is a path traversal vulnerability affecting ONNX version 1.17.0, specifically in the onnx.external_data_helper.save_external_data function. Attackers can exploit it by supplying crafted external_data.location paths containing traversal sequences, which bypass intended directory restrictions and enable overwriting of arbitrary files. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-22; it was published on 2025-07-22.

The vulnerability can be exploited by remote attackers who hold no privileges, but it requires user interaction, such as convincing a victim to load or process a malicious ONNX model file. Successful exploitation allows arbitrary file overwrites on the target system, resulting in high impacts to confidentiality, integrity, and availability, depending on the locations of the overwritten files and the privileges of the affected process.

Advisories and patches are detailed in the GitHub security advisory GHSA-6rq9-53c3-f7vj, the ONNX repository, and pull requests #6959 and #7040, which address the issue. Further analysis appears in a Gecko Security blog post at https://www.gecko.security/blog/cve-2025-51480. Security practitioners should apply these updates to mitigate risks in ONNX deployments.

ONNX serves as an open format for machine learning model interoperability, heightening the vulnerability's relevance to AI/ML pipelines involving external data handling. No details on real-world exploitation are available in the provided information.

Vulnerability details

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

AI Security Analysis

AI Category: Deep Learning Frameworks
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: onnx

Related Threats

MITRE ATT&CK Enterprise Techniques

T1485 Data Destruction (Impact)
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

T1486 Data Encrypted for Impact (Impact)
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

Path traversal enables direct arbitrary file overwrite, facilitating data destruction, encryption for impact, and stored data manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28500 (same product: Linux Foundation ONNX)
CVE-2026-27489 (same product: Linux Foundation ONNX)
CVE-2026-34445 (same product: Linux Foundation ONNX)
CVE-2026-33211 (same vendor: Linux Foundation)
CVE-2026-27969 (same vendor: Linux Foundation)
CVE-2026-37531 (same vendor: Linux Foundation)
CVE-2025-59352 (same vendor: Linux Foundation)
CVE-2026-35167 (same vendor: Linux Foundation)
CVE-2026-41491 (same vendor: Linux Foundation)
CVE-2026-45224 (shared CWE-22)

Affected Assets

Vendor: linuxfoundation
Product: onnx
Version: 1.17.0

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the path traversal vulnerability by identifying, reporting, and applying available patches for ONNX 1.17.0 as detailed in GHSA-6rq9-53c3-f7vj and related pull requests.

prevent

Requires validation of external_data.location paths from untrusted ONNX model inputs to block traversal sequences like '../' that bypass directory restrictions.

prevent

Enforces file system access controls to restrict the ONNX process from writing to arbitrary locations outside intended directories.
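
The input-validation control above, sketched as an added example (not code from ONNX or from the referenced patches): a pre-save audit that rejects any external_data location resolving outside the model directory. The names resolve_location, audit_model and UnsafeLocation are hypothetical, and a tensor's external_data is modelled as (key, value) pairs with constructed sample values.

```python
import os

class UnsafeLocation(ValueError):
    """Raised when an external_data location would escape the model directory."""

def resolve_location(base_dir, location):
    """Return the real path of `location` inside base_dir, or raise UnsafeLocation."""
    if not location or "\x00" in location:
        raise UnsafeLocation("empty or NUL-containing location")
    # Reject POSIX-absolute, UNC and drive-letter forms regardless of host OS.
    if location[0] in "/\\" or location[1:2] == ":":
        raise UnsafeLocation("absolute path")
    # Treat backslashes as separators so '..\\x' is caught on POSIX as well.
    parts = location.replace("\\", "/").split("/")
    if ".." in parts:
        raise UnsafeLocation("traversal sequence")
    # realpath resolves symlinks, so a link inside base_dir that points
    # elsewhere fails the containment check below.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafeLocation("resolves outside model directory")
    return target

def audit_model(base_dir, tensors):
    """Return (tensor_name, location, reason) for every rejected location."""
    findings = []
    for name, entries in tensors:
        for key, value in entries:
            if key != "location":
                continue
            try:
                resolve_location(base_dir, value)
            except UnsafeLocation as exc:
                findings.append((name, value, str(exc)))
    return findings

# Constructed sample: (tensor name, external_data (key, value) entries).
SAMPLE_TENSORS = [
    ("conv1.weight", [("location", "weights/conv1.bin"), ("offset", "0")]),
    ("fc.bias", [("location", "../outside.bin")]),
    ("fc.weight", [("location", "weights\\..\\..\\outside.bin")]),
    ("embed", [("location", "/tmp/outside.bin")]),
]

if __name__ == "__main__":
    for finding in audit_model("model_dir", SAMPLE_TENSORS):
        print(finding)
```

The lexical checks catch traversal and absolute forms early; the realpath containment check is the one that also covers symlinked subdirectories.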