CVE-2025-0452

High CVSS: 8.2

eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the 'plugin_repo_name' variable.

Vendor

Dbgpt

Product

Db-gpt

CWE

CWE-73

Yayın Tarihi

2025-03-20 10:15:52

Güncelleme

2025-07-17 15:56:28

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-73 Db-gpt HIGH Dbgpt 2025

Referanslar

https://huntr.com/bounties/7e854343-3d61-47d4-ad41-c4d2f356a54a

Benzer Kayıtlar

Medium

CVE-2025-51458

SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary S…

Medium

CVE-2025-51459

File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers t…

Medium

CVE-2025-6772

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the functi…

Critical

CVE-2024-10902

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Uplo…

High

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance…

High

CVE-2024-10829

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0…