CVE-2025-64712 – Unstructured.io Remote Code Execution Vulnerability
“A flaw in an AI data processing platform could let attackers run code and take control of systems handling sensitive documents.”
This patch addresses a critical vulnerability (CVE-2025-64712) affecting Unstructured.io, a platform used to ingest and process large volumes of structured and unstructured data for AI and machine learning workflows. The issue stems from improper validation of externally supplied inputs during document processing operations.
An attacker could exploit the flaw by supplying specially crafted input files or processing requests, which may trigger remote code execution on the host system running the Unstructured platform. Successful exploitation could allow attackers to access sensitive processed data, manipulate AI pipelines, or gain full control of the underlying server environment. CVE-2025-64712 carries a CVSS v3.1 score of 9.8 (Critical).
Security updates correct the unsafe input handling and strengthen validation within the document parsing and processing components. Systems running vulnerable versions remain exposed to remote compromise until the patched version of Unstructured.io is deployed.