Unstructured Library Exposes Arbitrary File Write RCE Risk

Security researchers disclosed CVE-2025-64712 (CVSS 9.8), a path traversal flaw in Unstructured.io's open-source unstructured ETL library that can permit arbitrary file writes and potential remote code execution on systems processing untrusted documents. The library is widely used across Fortune 1000 AI ingestion pipelines, increasing enterprise blast radius and prompting containment and patching measures.