Unstructured.io Path Traversal Vulnerability via Email Attachment Exploit
Unstructured.io Library Vulnerability
A critical vulnerability in the Unstructured.io library has been discovered, which could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-64712, is a path traversal vulnerability that arises from the way the library processes Microsoft Outlook message attachments.
About Unstructured.io
Unstructured.io is a popular extract, transform, load (ETL) tool used to convert unstructured data such as PDFs, emails, and Word documents into a structured format that can be easily searched by AI systems. The library is widely used, with 87% of Fortune 1000 companies reportedly relying on it.
Vulnerability Details
The vulnerability was identified by researchers at Cyera, who found that an attacker could exploit the flaw by sending a specially crafted email attachment with a directory traversal sequence in its file name. This would allow the attacker to escape the temporary directory where the attachment is stored and write files to other locations on the host system.
According to the researchers, in a worst-case scenario, an attacker could use this vulnerability to achieve remote code execution (RCE) by writing malicious code to startup scripts, creating cron jobs, or overwriting the SSH “authorized_keys” file to gain backdoor access to the system.
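The defensive pattern that closes this class of bug is to never trust an attachment's file name as a path: reduce it to a single component and then confirm that the resolved destination still lies inside the intended temporary directory. The Python below is an added illustration written for this article, not code from the Unstructured.io project or from Cyera's research; the function names, the "/tmp/unstructured-demo" base directory and the sample attachment names are all constructed for the example.

```python
"""Containing untrusted attachment names inside a temp directory (example code)."""
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


def sanitize_attachment_name(filename: str) -> str:
    """Reduce an attacker-controlled attachment name to one safe path component.

    The name comes from the message, not from the local OS, so both POSIX
    and Windows separators are treated as directory boundaries.
    """
    # Keep only the last path component under either path convention.
    name = PureWindowsPath(PurePosixPath(filename).name).name
    # Drop NUL bytes, surrounding whitespace and leading dots (no hidden files,
    # and no "." / ".." left over from a bare traversal sequence).
    name = name.replace("\x00", "").strip().lstrip(".")
    # Fall back to a fixed name rather than writing with an empty one.
    return name or "attachment"


def unsanitized_escapes(base_dir: str, filename: str) -> bool:
    """Return True if naively joining the raw name lands outside base_dir.

    This is the check the vulnerable write path lacks; it is useful as a
    detection hook (log or alert on the message) before anything is written.
    Note that a pathlib join with an absolute name replaces the base entirely,
    which is why absolute names are also caught here.
    """
    base = Path(base_dir).resolve()
    target = (base / filename).resolve()
    return target != base and base not in target.parents


def resolve_inside(base_dir: str, filename: str) -> Path:
    """Return a destination path for the attachment that is guaranteed to sit
    inside base_dir, sanitizing first and verifying containment second."""
    base = Path(base_dir).resolve()
    target = (base / sanitize_attachment_name(filename)).resolve()
    # Belt and braces: even after sanitizing, refuse anything outside base.
    if target != base and base not in target.parents:
        raise ValueError(f"attachment path escapes {base}: {target}")
    return target


if __name__ == "__main__":
    # Constructed sample names: one benign, three hostile.
    samples = ["report.pdf", "../../etc/cron.d/job", "..\\..\\x.txt", "/root/.ssh/authorized_keys"]
    with tempfile.TemporaryDirectory() as tmp:
        for raw in samples:
            flagged = unsanitized_escapes(tmp, raw)
            safe = resolve_inside(tmp, raw)
            print(f"{raw!r:35} escapes_if_unsanitized={flagged!s:5} stored_as={safe.name}")
```

Running the block prints each sample name with whether a naive join would have escaped the temporary directory and the single-component name it is stored under instead. On Linux a backslash name is one component and does not escape a naive join, which is why the sanitizer strips both separator styles regardless of host.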
Implications and Mitigation
The vulnerability has significant implications for the supply chain, as the Unstructured library is widely used in the open-source ecosystem. Cyera found that the library was used as a dependency in nearly 10,000 files on GitHub, while a related library, langchain_community.document_loaders, was used in over 100,000 files.
The flaw was fixed in Unstructured.io version 0.18.18, and users of the library are urged to update to this version as soon as possible. The vulnerability highlights the importance of timely patching and supply chain visibility in preventing attacks that could result in data exfiltration, secrets theft, and lateral movement.
Conclusion
Cyera’s research also underscored the potential “blast radius” of the flaw, given the widespread use of the Unstructured library. The company noted that the vulnerability could have significant consequences for organizations that rely on the library, and emphasized the need for prompt action to mitigate the risk.
The discovery of this vulnerability serves as a reminder of the importance of securing the supply chain and ensuring that widely used libraries and dependencies are free from critical flaws. As the use of open-source software continues to grow, the potential attack surface expands, making it essential for organizations to prioritize vulnerability management and patching.
