A new security issue—CVE-2025-0851—has been discovered in Deep Java Library (DJL), a popular framework for deep learning in Java. This vulnerability can let an attacker write files *anywhere* on your system by sneaking through the unzip and untar features. If you use DJL for machine learning, especially in enterprise or multi-user environments, you need to be aware.
In this post, I'll break down how this bug works, show code examples, provide official reference links, and walk you through a simple exploit scenario.
What’s the Problem?
The flaw lies in ZipUtils.unzip and TarUtils.untar. These methods extract files from archives (ZIPs or TARs). The catch? They don’t thoroughly check if the paths in the archive might go outside the folder you intended. That’s called a path traversal vulnerability.
Where’s the Vulnerability?
In DJL’s code, when a ZIP or TAR file gets unpacked, the code handles filenames like "../../etc/passwd" without enough precautions. That means a crafted archive can make the extraction step place files outside the desired extraction folder.
Let’s look at a simplified, vulnerable extraction function, inspired by DJL's approach
public void unzip(File zipFile, File targetDir) throws IOException {
try (ZipInputStream zis = new ZipInputStream(new FileInputStream(zipFile))) {
ZipEntry entry;
while ((entry = zis.getNextEntry()) != null) {
File outFile = new File(targetDir, entry.getName());
// No validation: a path like "../../bad.txt" will go outside targetDir!
try (FileOutputStream fos = new FileOutputStream(outFile)) {
byte[] buffer = new byte[4096];
int len;
while ((len = zis.read(buffer)) > ) {
fos.write(buffer, , len);
}
}
}
}
}
How Attackers Could Exploit This
1. Create a malicious ZIP or TAR file with filenames like ../../../../tmp/myevilfile.sh.
2. Trigger code using DJL’s unzip() or untar()—maybe through machine learning model packaging or data inputs.
3. Payload lands outside the intended folder (“/tmp” in the above case), potentially anywhere on the file system the Java process can write to.
Suppose a ZIP archive contains this structure
../../.bashrc
../../../../../etc/cron.d/backdoor
model.bin
When unzipped, two unwanted files are written to sensitive base system locations.
Live Exploit Walkthrough
Even without DJL, you can construct a demo using standard Java. Here’s a minimal reproduction (using ZIP as an example):
// This makes a malicious ZIP file
import java.io.*;
import java.util.zip.*;
public class ZipExploitDemo {
public static void main(String[] args) throws Exception {
// 1. Create malicious zip
try (FileOutputStream fos = new FileOutputStream("evil.zip");
ZipOutputStream zos = new ZipOutputStream(fos)) {
String evilPath = "../../tmp/exploit.txt";
zos.putNextEntry(new ZipEntry(evilPath));
zos.write("owned!".getBytes());
zos.closeEntry();
}
// 2. Use vulnerable unzip, as above, to extract
// Now look for /tmp/exploit.txt!
}
}
If your program uses DJL’s vulnerable unzip, a similar attack works.
The Right Way: How to Fix
Always sanitize the paths before extraction. A secure method checks if the resolved target path stays within the intended directory:
File outFile = new File(targetDir, entry.getName());
String canonicalTargetDir = targetDir.getCanonicalPath();
String canonicalOutFile = outFile.getCanonicalPath();
if (!canonicalOutFile.startsWith(canonicalTargetDir + File.separator)) {
throw new IOException("Entry is outside the target dir: " + entry.getName());
}
References
- NIST NVD: CVE-2025-0851
- DJL Github - Issue #3401
- OWASP Path Traversal Basics
- DJL Documentation
Conclusion
CVE-2025-0851 highlights how easy it is for a simple overlook in file extraction to become a critical vulnerability. If you use DJL, update as soon as a patch arrives. Never trust archive content unless your extraction code verifies paths. For Java devs, always take the time to validate file paths proactively.
Stay safe—never underestimate ZIP and TAR!
For more details, see:
- DJL Security Advisory
- Mitre CVE Entry
Timeline
Published on: 01/29/2025 22:15:30 UTC