CVE-2025-6772

Medium CVSS: 6.9

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor

Dbgpt

Product

Db-gpt

CWE

CWE-22

Yayın Tarihi

2025-06-27 19:15:31

Güncelleme

2025-09-15 13:53:08

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-22 Db-gpt MEDIUM Dbgpt 2025

Referanslar

https://github.com/eosphoros-ai/DB-GPT/issues/2774 https://vuldb.com/?ctiid.314088 https://vuldb.com/?id.314088 https://vuldb.com/?submit.601028

Benzer Kayıtlar

Medium

CVE-2025-51458

SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary S…

Medium

CVE-2025-51459

File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers t…

High

CVE-2025-0452

eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/up…

Critical

CVE-2024-10902

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Uplo…

High

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance…

High

CVE-2024-10829

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0…