CVE-2025-2954

🗓️ 30 Mar 2025 16:31:05Reported by VulDBType

Vulnerability CVE-2025-2954 in OpenManus leads to improper access control in file_saver.py.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-2954	30 Mar 202520:36	–	circl
CNNVD	OpenManus 安全漏洞	30 Mar 202500:00	–	cnnvd
Cvelist	CVE-2025-2954 mannaandpoem OpenManus File file_saver.py execute access control	30 Mar 202516:31	–	cvelist
EUVD	EUVD-2025-8683	3 Oct 202520:07	–	euvd
NVD	CVE-2025-2954	30 Mar 202517:15	–	nvd
OSV	CVE-2025-2954	30 Mar 202517:15	–	osv
RedhatCVE	CVE-2025-2954	1 Apr 202516:51	–	redhatcve
Snyk	Access Control Bypass	30 Mar 202516:42	–	snyk
Vulnrichment	CVE-2025-2954 mannaandpoem OpenManus File file_saver.py execute access control	30 Mar 202516:31	–	vulnrichment

NVD

Vulners

Node

mannaandpoem openmanusRange≤2025.3.13

[
  {
    "vendor": "mannaandpoem",
    "product": "OpenManus",
    "versions": [
      {
        "version": "2025.3.0",
        "status": "affected"
      },
      {
        "version": "2025.3.1",
        "status": "affected"
      },
      {
        "version": "2025.3.2",
        "status": "affected"
      },
      {
        "version": "2025.3.3",
        "status": "affected"
      },
      {
        "version": "2025.3.4",
        "status": "affected"
      },
      {
        "version": "2025.3.5",
        "status": "affected"
      },
      {
        "version": "2025.3.6",
        "status": "affected"
      },
      {
        "version": "2025.3.7",
        "status": "affected"
      },
      {
        "version": "2025.3.8",
        "status": "affected"
      },
      {
        "version": "2025.3.9",
        "status": "affected"
      },
      {
        "version": "2025.3.10",
        "status": "affected"
      },
      {
        "version": "2025.3.11",
        "status": "affected"
      },
      {
        "version": "2025.3.12",
        "status": "affected"
      },
      {
        "version": "2025.3.13",
        "status": "affected"
      }
    ],
    "modules": [
      "File Handler"
    ]
  }
]

Source	Link
magnificent-dill-351	www.magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

15 Apr 2025 17:57Current

7.1High risk

Vulners AI Score7.1

CVSS 3.13.3 - 5.5

CVSS 21.7

CVSS 44.8

CVSS 33.3

EPSS0.00096

SSVC

cve-2025-2954 problem access control file_saver.py openmanus vulnerability