CVE-2025-51475

CVE Details

Basic Information

Title: CVE-2025-51475
Type: cve
Published: 2025-07-22T20:15:25
Last Seen: 2025-07-22T20:26:00
Modified: 2025-07-22T20:15:25

CVSS Information

Base Score: 5.0 (MEDIUM)
Attack Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Analysis

AI Description: A vulnerability in TransformerOptimus SuperAGI allows remote attackers to overwrite arbitrary files due to improper handling of directory traversal and lack of path validation. This could lead to significant system compromise.
AI Severity: Medium
AI Vendor: TransformerOptimus
AI Product: TransformerOptimus SuperAGI
AI Version: 0.0.14

Additional Information

CVE List: CVE-2025-51475
CWE List: CWE-22
Bulletin Family: cve

Description

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir().
