fkie_cve-2025-0452
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-07-17 15:56
Severity ?
Summary
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the 'plugin_repo_name' variable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/7e854343-3d61-47d4-ad41-c4d2f356a54a | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dbgpt:db-gpt:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61AFFEB3-6621-4E6A-9B21-AF00DDA707E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the \u0027/v1/agent/hub/update\u0027 endpoint. The application fails to properly filter the \u0027\\\u0027 character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the \u0027plugin_repo_name\u0027 variable."
},
{
"lang": "es",
"value": "La \u00faltima versi\u00f3n de eosphoros-ai/DB-GPT es vulnerable a la eliminaci\u00f3n arbitraria de archivos en sistemas Windows a trav\u00e9s del endpoint \u0027/v1/agent/hub/update\u0027. La aplicaci\u00f3n no filtra correctamente el car\u00e1cter \u0027\\\u0027, que se usa com\u00fanmente como separador en las rutas de Windows. Esta vulnerabilidad permite a los atacantes eliminar cualquier archivo del sistema host manipulando la variable \u0027plugin_repo_name\u0027."
}
],
"id": "CVE-2025-0452",
"lastModified": "2025-07-17T15:56:28.003",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2025-03-20T10:15:52.890",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/7e854343-3d61-47d4-ad41-c4d2f356a54a"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…