CVE-2025-6280

Medium CVSS: 5.1

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Vendor

Superagi

Product

Superagi

CWE

CWE-22

Yayın Tarihi

2025-06-19 22:15:20

Güncelleme

2025-07-09 23:56:04

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-22 Superagi MEDIUM Superagi 2025

Referanslar

https://github.com/TransformerOptimus/SuperAGI/issues/1466 https://vuldb.com/?ctiid.313284 https://vuldb.com/?id.313284 https://vuldb.com/?submit.593614 https://github.com/TransformerOptimus/SuperAGI/issues/1466

Benzer Kayıtlar

Medium

CVE-2025-51472

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execu…

Medium

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows rem…

High

CVE-2024-9439

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers…

Medium

CVE-2024-9447

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisat…

High

CVE-2024-9415

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Th…

Medium

CVE-2024-9418

In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in…