[Security] Fix CRITICAL vulnerability: CVE-2025-64712

[orbisai0security]

Security Fix

This PR addresses a CRITICAL severity vulnerability detected by our security scanner.

Security Impact Assessment

Aspect	Rating	Rationale
Impact	Critical	In MiroFish's backend, which likely processes unstructured data including MSG files via the Unstructured library, exploitation could allow an attacker to write arbitrary files on the server, potentially leading to remote code execution or full system compromise by overwriting critical system files or injecting malicious code.
Likelihood	High	MiroFish appears to be a backend service handling data processing, making it susceptible if it accepts user-uploaded MSG attachments; attackers with access to file upload endpoints could easily craft malicious MSG files using publicly available tools, given the common use of document processing in such repositories.
Ease of Fix	Medium	Remediation involves updating the Unstructured library to a patched version as indicated by the provided commit and advisory, requiring dependency updates in uv.lock, moderate testing to ensure compatibility with MiroFish's data processing workflows, and potential refactoring if API changes are involved.

Vulnerability Details

• Rule ID: CVE-2025-64712
• File: backend/uv.lock
• Description: Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

Changes Made

This automated fix addresses the vulnerability by applying security best practices.

Files Modified

• backend/requirements.txt

Verification

This fix has been automatically verified through:

• ✅ Build verification
• ✅ Scanner re-scan
• ✅ LLM code review

🤖 This PR was automatically generated.