CVE-2025-6772 | eosphoros-ai db-gpt up to 0.7.2 import import_flow File path traversal (Issue 2774)

Inserito da Angelo Barbosa | Giu 27, 2025 | CVE

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal.

This vulnerability is traded as CVE-2025-6772. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-6772 | eosphoros-ai db-gpt up to 0.7.2 import import_flow File path traversal (Issue 2774)

Post correlati

CVE-2024-1793 | AWeber Plugin up to 7.3.14 on WordPress sql injection

CVE-2017-13319 | Google Android 7/7.1.1/7.1.2/8/8.1 pvmp3_get_main_data_size.cpp pvmp3_get_main_data_size buffer overflow

CVE-2024-27783 | Fortinet FortiAIOps 2.0.0 cross-site request forgery (FG-IR-24-070)

CVE-2024-6490 | Master Slider Plugin up to 3.9.10 on WordPress cross-site request forgery