CVE-2025-6282 Information

Jun 20, 2025 cve

Description

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label ot planned\ by a bot.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/xlang-ai/OpenAgents/issues/141 https://vuldb.com/?ctiid.313286 https://vuldb.com/?id.313286 https://vuldb.com/?submit.593616

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

5.5

CNNVD-202506-2608 (Published: 2025-06-19)

Share on: