DESTRUCTURED - Critical Vulnerability in Unstructured.io (CVE-2025–64712)

A critical path-traversal vulnerability (CVE-2025-64712, CVSS 9.8) in the Unstructured.io open-source library allows attackers to write arbitrary files (and likely achieve RCE) by crafting .msg attachments that overwrite filesystem paths; the issue affects a wide supply chain of AI/document-processing tools and has been patched in version 0.18.18.