CVE-2025-6283

Medium CVSS: 5.1

A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.

Vendor

Xata

Product

Agent

CWE

CWE-22

Yayın Tarihi

2025-06-19 23:15:21

Güncelleme

2025-09-30 18:32:25

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-22 Agent MEDIUM Xata 2025

Referanslar

https://github.com/xataio/agent/commit/03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc https://github.com/xataio/agent/issues/179 https://github.com/xataio/agent/pull/191 https://github.com/xataio/agent/releases/tag/v0.3.1 https://vuldb.com/?ctiid.313287 https://vuldb.com/?id.313287 https://vuldb.com/?submit.593627 https://github.com/xataio/agent/issues/179

Benzer Kayıtlar

High

CVE-2026-28727

Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber P…

High

CVE-2026-28713

Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyb…

Medium

CVE-2025-30413

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber…

Medium

CVE-2025-11790

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber…

High

CVE-2025-11791

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are a…

High

CVE-2025-11792

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protec…