CNNVD-202508-798 Information
CNNVD ID
CNNVD-202508-798
Related CVE
- CNNVD Published: 2025-08-08
Description (Chinese)
LMeterX是MigoXLab开源的一个适用于任何LLM API的专业负载测试程序。 LMeterX 1.2.0版本存在路径遍历漏洞,该漏洞源于对文件backend/service/upload_service.py中参数task_id的错误操作导致路径遍历。
Description (English)
LMeterX is a professional load test program for any LLM API that applies to MigoXLab open source. Version 1.2.0 of LMeterX has a path-penetrating loophole, which results from an error in the parameter task id in fileback/service/upload service.py.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
MigoXLab
Published
2025-08-08
Last Modified
2026-02-24
References
https://github.com/MigoXLab/LMeterX/issues/10 https://github.com/MigoXLab/LMeterX/issues/10#issue-3255375024 https://github.com/MigoXLab/LMeterX/issues/10#issuecomment-3136380379 https://vuldb.com/?ctiid.319225 https://vuldb.com/?id.319225 https://vuldb.com/?submit.621741 https://github.com/MigoXLab/LMeterX/commit/f1b00597e293d09452aabd4fa57f3185207350e8 https://access.redhat.com/security/cve/cve-2025-8729
Patch
https://github.com/MigoXLab/LMeterX/releases
Share on: