CVE-2025-0851: 
Java vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2025-0851) was discovered in Deep Java Library (DJL) versions 0.1.0 through 0.31.0. The vulnerability exists in the ZipUtils.unzip and TarUtils.untar utilities that are used for extracting tar and zip model archives when loading models for use with DJL. The issue was disclosed on January 29, 2025, and has been assigned a CVSS score of 9.8 (Critical) (NVD, GitHub Advisory).

The vulnerability stems from a failure to protect against absolute path traversal during the extraction process. Specifically, when an archive is created on a Windows system and extracted on macOS or Linux (or vice versa), it can write artifacts outside the intended destination directory. This cross-platform path traversal issue affects the model archive extraction functionality, which is a core feature used when loading models in DJL (GitHub Advisory).

The vulnerability allows attackers to write files to arbitrary locations on the affected system. In AI and machine learning environments, this could lead to several attack scenarios including: remote SSH takeover through malicious SSH key injection, supply chain attacks via compromised model archives, and potential cross-site scripting (XSS) attacks through injection of rogue HTML files into web-accessible directories (Security Online).

The vulnerability has been patched in DJL version 0.31.1. Users are strongly advised to upgrade to this version or later. As a workaround, users should avoid using model archive files from untrusted sources and only use model archives from official sources like the DJL Model Zoo or models that have been created and packaged by the users themselves (GitHub Advisory).