CNNVD-202507-2910 Information

CNNVD ID

CNNVD-202507-2910

CVE-2025-51459

  • CNNVD Published: 2025-07-22

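Description (translated from Chinese)

DB-GPT is an open-source AI-native data application development framework from eosphoros, based on AWEL and agents. DB-GPT version 0.7.0 contains a security vulnerability that stems from a file upload vulnerability in agent.hub.controller.refresh_plugins and may lead to arbitrary code execution.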

Description (English)

DB-GPT is an open-source, AI-native data application development framework from eosphoros, built on AWEL and agents. DB-GPT version 0.7.0 has a security vulnerability: a file upload flaw in agent.hub.controller.refresh_plugins that may lead to arbitrary code execution.

Hazard Level

High

Vulnerability Type

Command injection

Affected Vendor

eosphoros

Published

2025-07-22

Last Modified

2026-02-24

References

  • https://www.gecko.security/blog/cve-2025-51459
  • https://github.com/eosphoros-ai/DB-GPT/pull/2649
  • https://nvd.nist.gov/vuln/detail/CVE-2025-51459
  • https://access.redhat.com/security/cve/cve-2025-51459

Patch

http://docs.dbgpt.cn/docs/overview/
