Two high-severity vulnerabilities were disclosed in OpenClaw and ONNX that can let attackers write to unintended files and potentially gain code execution. In OpenClaw, GHSA-7XR2-Q9VF-X4R5 describes a symlink traversal issue involving IDENTITY.md. An authenticated attacker can exploit it over the network, with low complexity and no additional user interaction, to append user-controlled content to any file writable by the Node.js process. The flaw was rated CVSS 8.8 and can affect confidentiality, integrity, and availability, with reported outcomes including privilege escalation, persistent shell access, data corruption, denial of service, and remote code execution.
A separate CVSS 8.8 issue in ONNX, tracked as CVE-2025-51480 / GHSA-Q56X-G2FJ-4RJ6, affects save_external_data and allows path traversal that can overwrite or read arbitrary files when a crafted model is processed. The reported impact includes overwriting files such as ~/.ssh/authorized_keys, ~/.bashrc, or scheduled task definitions, which can escalate to remote code execution under the privileges of the user running the ONNX workflow. In containerized environments, the flaw can also lead to full container compromise and possible lateral movement within a cluster.

2 events from the most recent confirmed update back to the earliest known activity.
A high-severity vulnerability, CVE-2025-51480, was disclosed in ONNX save_external_data that can lead to arbitrary file overwrite or arbitrary file read in affected model processing workflows. The reported impact includes possible unauthenticated remote code execution through overwriting files such as authorized_keys, shell startup files, or cron jobs, as well as container compromise in some deployments.
A high-severity vulnerability in OpenClaw was disclosed in which an authenticated attacker can abuse symlink traversal via IDENTITY.md to append arbitrary user-controlled strings to files writable by the Node.js process. The issue was described as enabling impacts including privilege escalation, remote code execution, persistent shell access, data corruption, and denial of service.
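
Both issues come down to writing to a path that was never checked against where it really resolves. The following is an added example, not code from OpenClaw, ONNX, or their fixes: a containment check that rejects `..` traversal, absolute paths, and a symlink that points out of the workspace. The function names and the constructed workspace layout are assumptions made for illustration.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """The requested path would resolve outside the allowed directory."""

def resolve_inside(base_dir, untrusted_rel):
    """Return the real path of untrusted_rel, which must stay under base_dir."""
    if os.path.isabs(untrusted_rel):
        raise UnsafePathError(f"absolute path not allowed: {untrusted_rel!r}")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the containment test
    # is made on the location a write would actually reach.
    target = os.path.realpath(os.path.join(base, untrusted_rel))
    if os.path.commonpath([base, target]) != base:
        raise UnsafePathError(f"{untrusted_rel!r} resolves outside {base}")
    return target

def append_inside(base_dir, untrusted_rel, data):
    """Append bytes to a file under base_dir and return the path written."""
    target = resolve_inside(base_dir, untrusted_rel)
    # O_NOFOLLOW (where available) refuses a symlink swapped in as the final
    # component after the check; it does not cover parent directories.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o600), "ab") as fh:
        fh.write(data)
    return target

def demo():
    """Constructed scenario: workspace holding a planted IDENTITY.md symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        workspace = os.path.join(root, "workspace")
        os.mkdir(workspace)
        sensitive = os.path.join(root, "authorized_keys")  # stand-in file
        open(sensitive, "w").close()
        os.symlink(sensitive, os.path.join(workspace, "IDENTITY.md"))
        cases = {"plain": "notes.md", "dotdot": "../authorized_keys",
                 "symlink": "IDENTITY.md", "absolute": sensitive}
        for label, name in cases.items():
            try:
                append_inside(workspace, name, b"appended\n")
                results[label] = "written"
            except UnsafePathError:
                results[label] = "rejected"
        results["sensitive_size"] = os.path.getsize(sensitive)
    return results

if __name__ == "__main__":
    print(demo())
```

Only the plain in-workspace name is written; the stand-in sensitive file stays empty in all three rejected cases.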