OpenBMB XAgent community path traversal

June 19, 2025 invoker category_cve

CVE Details

Basic Information

Title OpenBMB XAgent community path traversal
Type cve
Published 2025-06-19T21:31:05.566Z
Last Seen

Product Information

Vendor OpenBMB
Product XAgent
Version 1.0

CVSS Information

Base Score 5.1 (MEDIUM)
Attack Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A path traversal vulnerability in OpenBMB XAgent up to version 1.0.0 allows attackers to access unauthorized files by exploiting the /conv/community functionality. This could lead to sensitive data exposure or system compromise.
AI Severity Medium
Vendor OpenBMB
Product XAgent
Affected Version 1.0.0

Affected Products

  • OpenBMB XAgent 1.0

Additional Information

CVE List
CWE List CWE-22
Bulletin Family

Description

A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.