CVE-2025-56427

High CVSS: 7.5

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

Vendor

Composio

Product

Composio

CWE

CWE-200

Yayın Tarihi

2025-12-04 16:16:21

Güncelleme

2025-12-16 17:52:17

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-200 Composio HIGH Composio 2025

Referanslar

https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278 https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md

Benzer Kayıtlar

High

CVE-2024-8955

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allo…

Critical

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools action…

High

CVE-2024-8952

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /ap…

Critical

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform ma…

Critical

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authenticatio…

Medium

CVE-2024-53526

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han…