CNNVD-202506-3595 Information

CNNVD ID

CNNVD-202506-3595

Related CVE

CVE-2025-6772

• CNNVD Published: 2025-06-27

Description (Chinese)

DB-GPT是eosphoros开源的一个基于 AWEL 和代理的 AI 原生数据应用开发框架。 DB-GPT 0.7.2及之前版本存在路径遍历漏洞，该漏洞源于文件/api/v2/serve/awel/flow/import中参数File的错误操作导致路径遍历。

Description (English)

DB-GPT is an AWEL and proxy-based AI application development framework for the open source of eosphoros. DB-GPT 0.7.2 and previous versions have path-to-path loopholes, which stem from the error of the parameter File in the file/api/v2/serv/awel/flow/import.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

eosphoros

Published

2025-06-27

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/cve-2025-6772 https://nvd.nist.gov/vuln/detail/CVE-2025-6772