BeyondMachines for BeyondMachines

Posted on • Originally published at beyondmachines.net

Critical Path Traversal Flaw in Unstructured.io AI Library Enables Remote Code Execution

Summary

Unstructured.io patched a critical path traversal vulnerability (CVE-2025-64712) that allows attackers to achieve remote code execution by processing malicious Outlook .msg files. The flaw enables arbitrary file writes, potentially compromising AI data pipelines across major cloud providers and Fortune 1000 enterprise environments.

Take Action:

If you are processing mail attachments through AI, this is an important advisory. Check whether you use Unstructured.io directly, and update any systems that import and use this library. If you cannot update right away, disable attachment processing in your code and implement controls to sanitize attachment filenames.
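
One way to implement the filename control recommended above, as an added example (not code from Unstructured.io or from the original advisory). The function names, the character allow-list and the fallback name are assumptions made for illustration.

```python
import os
import re
from pathlib import Path

# Hypothetical helpers for illustration; not part of the Unstructured API.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_attachment_name(raw: str, fallback: str = "attachment.bin") -> str:
    """Reduce an untrusted attachment filename to a safe basename."""
    # .msg files come from Windows clients, but pipelines often run on Linux,
    # where "\" is not a separator. Treat both "\" and "/" as separators.
    name = raw.replace("\\", "/").split("/")[-1]
    # Drop NUL bytes, replace anything outside the allow-list, and strip
    # leading dots so "." and ".." and hidden-file names cannot survive.
    name = _UNSAFE.sub("_", name.replace("\x00", "")).lstrip(".")
    return name[:255] or fallback


def safe_attachment_path(base_dir: str, raw_name: str) -> Path:
    """Return a path for raw_name that stays directly inside base_dir."""
    base = Path(base_dir).resolve()
    candidate = (base / sanitize_attachment_name(raw_name)).resolve()
    # Defence in depth: after resolving symlinks, the file must still sit
    # directly in base. Anything else is rejected rather than "fixed up".
    if candidate.parent != base:
        raise ValueError(f"attachment path escapes {base}: {raw_name!r}")
    return candidate


def write_attachment(base_dir: str, raw_name: str, data: bytes) -> Path:
    """Write attachment bytes without overwriting any existing file."""
    path = safe_attachment_path(base_dir, raw_name)
    # O_EXCL makes creation fail if a file or symlink already exists there.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

Use a dedicated, freshly created directory as `base_dir` so that name collisions between attachments surface as errors instead of silent overwrites.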

