CNNVD-202506-1986 Information
CNNVD ID
CNNVD-202506-1986
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
Agent Zero是Jan Tomášek个人开发者的一个人工智能框架。 Agent Zero 0.8.4及之前版本存在路径遍历漏洞,该漏洞源于对文件/python/api/image_get.py中参数path的错误操作导致路径遍历。
Description (English)
Agent Zero is an artificial intelligence framework for Jan Tomášek’s personal developer. Agent Zero 0.8.4 and previous versions have path-to-path loopholes, which result from the error of the parameter path in the file/python/api/image get.py.
Hazard Level
Critical
Vulnerability Type
路径遍历
Affected Vendor
个人开发者
Published
2025-06-17
Last Modified
2026-02-24
References
https://github.com/frdel/agent-zero/commit/5db74202d632306a883ccce7339c5bdba0d16c5a https://github.com/frdel/agent-zero/releases/tag/v0.8.4.1 https://vuldb.com/?ctiid.312641 https://vuldb.com/?submit.593611 https://github.com/frdel/agent-zero/issues/383 https://github.com/frdel/agent-zero/issues/383#issuecomment-2893239897 https://vuldb.com/?id.312641 https://access.redhat.com/security/cve/cve-2025-6166 https://nvd.nist.gov/vuln/detail/CVE-2025-6166
Patch
https://github.com/frdel/agent-zero/releases
Share on: