CVE-2025-51475 Information
Jul 23, 2025
cve
Description
Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir().
Reference
https://github.com/TransformerOptimus/SuperAGI https://github.com/TransformerOptimus/SuperAGI/pull/1463 https://www.gecko.security/blog/cve-2025-51475
Related CNNVD
CNNVD-202507-2918 (Published: 2025-07-22)
Share on: