CVE-2025-51459 Information
Jul 23, 2025
cve
Description
File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint interacting with plugin_hub._sanitize_filename and plugins_util.scan_plugins.
Reference
https://github.com/eosphoros-ai/DB-GPT/pull/2649 https://www.gecko.security/blog/cve-2025-51459
Related CNNVD
CNNVD-202507-2910 (Published: 2025-07-22)
Share on: