
CVE-2025-10951: ml-logger has path traversal in the file argument

CVSS Score (v3.1): 7.3

Basic Information

EPSS Score: -
Published: 9/25/2025
Updated: 9/25/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Package Name: ml-logger
Ecosystem: pip
Vulnerable Versions: <= 0.10.36
First Patched Version: -

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is a classic path traversal weakness in the file upload functionality of the ml-logger server. The root cause is the lack of input sanitization for the filename received in a file upload request.

The exploitation flow begins in the LoggingServer.log_handler function. This function receives an HTTP POST request with a file upload. It extracts the filename directly from the Content-Disposition header of the multipart request. This filename is controlled by the attacker.

The untrusted filename is then passed as the key argument to the LoggingServer.log function. The log function, in turn, passes this key to LoggingServer.abs_path to resolve the full destination path for the file.

The abs_path function uses os.path.join to prepend the server's working directory to the filename. os.path.join does not sanitize path traversal sequences (../). Therefore, an attacker can provide a filename like ../../../../etc/passwd to cause the abs_path function to generate a path outside of the intended logging directory.

Finally, the log function uses the generated malicious path to open and write the uploaded file content. This allows an unauthenticated remote attacker to write or overwrite arbitrary files on the server with the privileges of the running process, leading to potential remote code execution or other severe impacts.

Vulnerable functions

LoggingServer.log_handler
ml_logger/server.py
This function is the entry point for the vulnerability. It handles file uploads and directly uses the user-provided filename (`file.name`) from the request without any sanitization. This untrusted filename is then passed to the `self.log` function, leading to a path traversal vulnerability.
LoggingServer.log
ml_logger/server.py
This function receives the malicious filename as the `key` parameter from the `log_handler`. It then uses this `key` to construct a file path by calling `self.abs_path(key)` and writes the uploaded data to that path. It does not validate or sanitize the `key`, thereby allowing the file to be written to an arbitrary location.
LoggingServer.abs_path
ml_logger/server.py
This function is responsible for creating the absolute file path. It uses `os.path.join` to combine a base directory with the `key` (the user-provided filename). `os.path.join` does not prevent path traversal, so if the `key` contains sequences like `../`, the resulting path will point outside the intended directory.
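As an added example (not ml-logger's own code), the following stand-in reproduces the `os.path.join` pattern the analysis describes next to a hardened variant that resolves the joined path and checks containment, plus a basename filter for the Content-Disposition filename; `LOG_ROOT`, the function names and the sample keys are constructed for illustration.

```python
import os
import posixpath

# Constructed example, not ml-logger's own code: a minimal stand-in for the
# abs_path pattern described in the analysis, beside a hardened version.
LOG_ROOT = "/srv/ml-logger-data"  # hypothetical server working directory


def abs_path_vulnerable(root: str, key: str) -> str:
    """The weak pattern: os.path.join performs no containment check, so
    '..' segments (or an absolute key) take the result outside `root`."""
    return os.path.join(root, key)


def abs_path_safe(root: str, key: str) -> str:
    """Hardened variant: resolve the joined path and require it to stay
    inside `root`, raising on any escape instead of silently clamping."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, key))
    # commonpath is the containment test; a plain startswith() would
    # accept a sibling such as '/srv/ml-logger-data-evil'.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path traversal rejected: {key!r}")
    return candidate


def upload_basename(filename: str) -> str:
    """Defence in depth for the Content-Disposition filename: keep only the
    last path segment (both separator styles) and reject empty/dot names."""
    name = posixpath.basename(filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError(f"unusable upload filename: {filename!r}")
    return name


def is_traversal(root: str, key: str) -> bool:
    """Detection helper for log review: True when the weak join escapes."""
    try:
        abs_path_safe(root, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for key in ("run1/metrics.pkl", "../../../../etc/passwd", "/etc/passwd"):
        print(f"{key!r:32} weak={abs_path_vulnerable(LOG_ROOT, key)!r} "
              f"traversal={is_traversal(LOG_ROOT, key)}")
```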

WAF Protection Rules

WAF Rule

A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument file leads to path traversal. It is possible to launch
