Weaviate security release - fixes CVE-2025-67818 & CVE-2025-67819
AI Impact Summary
Weaviate has released security patches addressing two critical vulnerabilities: CVE-2025-67818 and CVE-2025-67819. The first, a high-severity path traversal vulnerability in the backup modules, allows attackers to overwrite files within Weaviate's privileged scope via manipulated backup zip files. The second, a medium-severity path traversal vulnerability in the shard movement API, enables attackers to read arbitrary files by crafting malicious filenames. Weaviate versions prior to 1.30.20 must be updated immediately to mitigate these risks.
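Both issues belong to the same class: an untrusted name (a zip entry name or a filename passed to an API) is joined to a base directory without a containment check. The Go sketch below is an added example showing that check; it is not Weaviate's code or its patch, and `safeJoin`, `validateArchive`, `buildZip` and the `/srv/restore` directory are hypothetical names used only for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin resolves an untrusted name (zip entry or API-supplied file name)
// under base, rejecting absolute paths and anything that climbs out via "..".
func safeJoin(base, name string) (string, error) {
	clean := filepath.Clean(filepath.FromSlash(strings.ReplaceAll(name, "\\", "/")))
	if clean == "." || clean == ".." || filepath.IsAbs(clean) ||
		strings.HasPrefix(clean, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("rejected path %q: not contained in %s", name, base)
	}
	return filepath.Join(base, clean), nil
}

// validateArchive checks every entry name before any file is written.
func validateArchive(data []byte, dest string) error {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return err
	}
	for _, f := range zr.File {
		if _, err := safeJoin(dest, f.Name); err != nil {
			return err
		}
	}
	return nil
}

// buildZip returns a constructed in-memory archive with the given entry names.
func buildZip(names ...string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, n := range names {
		zw.Create(n) // constructed, empty entry
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(validateArchive(buildZip("shard/segment.db"), "/srv/restore")) // hypothetical directory
	fmt.Println(validateArchive(buildZip("shard/../../etc/x"), "/srv/restore"))
}
```

The check is purely lexical, so symlinks that already exist inside the destination directory need separate handling.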
Affected Systems
Business Impact
Failure to update Weaviate to a patched version will expose the system to potential data breaches and unauthorized file access.
- Date: not specified
- Change type: capability
- Severity: info