CVE-2025-5150: 
Python vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-5150) was discovered in docarray versions up to 0.40.1, affecting the getitem function in the /docarray/data/torch_dataset.py file of the Web API component. The vulnerability was disclosed on May 25, 2025, and involves improperly controlled modification of object prototype attributes (prototype pollution). The vulnerability has received a CVSS v3.1 Base Score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability exists in the getitem method of MultiModalDataset class which recursively searches python object via dotted paths from input without proper sanitization against unauthorized internal object access. This allows attackers to access internal class objects through paths like .class.base and manipulate them. The vulnerability occurs because the getitem method does not implement checks against unauthorized internal attributes access, allowing attackers to traverse through object paths and potentially modify critical class attributes (GitHub POC).

The vulnerability allows attackers to overwrite internal python runtime class objects, which can lead to Denial of Service (DoS) attacks. When combined with backend code enriching python runtime states, there is potential for Remote Code Execution (RCE) and Cross-Site Scripting (XSS) attacks. The impact is particularly severe when the multimodal dataset operation is deployed through web APIs like FastAPI (GitHub POC, Wiz).

The recommended mitigation is to implement checks against unauthorized internal attributes access in the getitem method of MultiModalDataset. Organizations should upgrade to versions newer than 0.40.1 once a patch is available. The vendor was contacted about this disclosure but did not respond in any way (GitHub POC, NVD).