216.73.217.64

CVE-2025-51475

· Published 22/07/2025 20:15 · Modified 22/07/2025 20:15

Labels: CVE-2025-51475 2025-07-22CVE-2025-51475CWE-22[email protected]

Essential information

Published
22/07/2025 20:15
Modified
22/07/2025 20:15
Author
Creator
CVSS
5.0 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVSS metrics

Description

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir().

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
superagi / transformeroptimus superagi cpe:2.3:a:superagi:transformeroptimus_superagi:0.0.14:*:*:*:*:*:*:*

References