CVE-2025-6280 | TransformerOptimus SuperAGI up to 0.0.14 EmailToolKit read_email.py download_attachment filename path traversal (Issue 1466)

Inserito da Angelo Barbosa | Giu 19, 2025 | CVE

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal.

This vulnerability is traded as CVE-2025-6280. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

CVE-2025-6280 | TransformerOptimus SuperAGI up to 0.0.14 EmailToolKit read_email.py download_attachment filename path traversal (Issue 1466)

Post correlati

CVE-2023-40143 | Westermo Lynx 206-F2G 4.24 forward.0.domain cross site scripting (icsa-24-023-04)

CVE-2023-48285 | Accept Stripe Payments Plugin up to 2.0.79 on WordPress Content injection

CVE-2024-35238 | stacklok Minder up to 0.0.50 $checksumref allocation of resources

CVE-2024-28753 | RaspAP up to 3.0.9 Request information disclosure