Path traversal in the restore handler in Collibra Agent allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file paths during ZIP extraction, which can allow an attacker to write files outside the intended extraction directory.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
Collibra Agent contains a path traversal vulnerability in its restore handler that allows attackers to write arbitrary files to systems by crafting malicious ZIP archives. The vulnerability stems from improper validation and canonicalization of file paths during ZIP extraction, enabling an attacker to use directory traversal sequences (such as "../") to escape the intended extraction directory and place files anywhere on the filesystem with the privileges of the Agent process. This affects organizations using Collibra for data governance and metadata management, potentially compromising system integrity, enabling code execution, or exposing sensitive data depending on where files are written.
While Casky.ai currently shows zero mapped skills for this specific CVE, practitioners using the platform would benefit from extended reasoning analysis focused on MITRE ATT&CK techniques like T1566 (Phishing - malicious attachment delivery), T1204 (User Execution), and T1547 (Boot or Logon Autostart Execution) when analyzing attack chains involving malicious ZIP files. Security teams investigating Collibra environments should enable file integrity monitoring and input validation controls, then query Casky for skills related to archive extraction abuse, file write anomalies, and privilege escalation patterns. As threat actors refine their exploitation techniques, new defensive skills mapping to path traversal and ZIP-based attacks would enhance detection of both initial compromise attempts and post-exploitation file placement activities commonly observed in APT campaigns.
Casky has 0 skills that investigate the attack patterns behind CVE-2026-10621.
© 2026 Casky.AI, Inc. · AI Security Investigation