Fixed Intel

CVE-2025-64712

Critical
CVSS 9.8

Description

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.

CVSS Score

9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-22Path TraversalMITRE

Related Articles (1)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

References (2)

https://github.com/Unstructured-IO/unstructured/commit/b01d35b2373fd087d2e15162b9c021663c97155dsecurity-advisories@github.comhttps://github.com/Unstructured-IO/unstructured/security/advisories/GHSA-gm8q-m8mv-jj5msecurity-advisories@github.com

Risk Assessment

ELEVATED
Critical CVSS

Details

Severity
Critical
CVSS
9.8
CWE
CWE-22
CISA KEV
No
Articles
1

Timeline

Published

Feb 4, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE