EUVD-2025-8683

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerability found in OpenManus affects File Handler via improper access controls but vendor unresponsive.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-2954	30 Mar 202520:36	–	circl
CNNVD	OpenManus 安全漏洞	30 Mar 202500:00	–	cnnvd
CVE	CVE-2025-2954	30 Mar 202516:31	–	cve
Cvelist	CVE-2025-2954 mannaandpoem OpenManus File file_saver.py execute access control	30 Mar 202516:31	–	cvelist
NVD	CVE-2025-2954	30 Mar 202517:15	–	nvd
OSV	CVE-2025-2954	30 Mar 202517:15	–	osv
RedhatCVE	CVE-2025-2954	1 Apr 202516:51	–	redhatcve
Snyk	Access Control Bypass	30 Mar 202516:42	–	snyk
Vulnrichment	CVE-2025-2954 mannaandpoem OpenManus File file_saver.py execute access control	30 Mar 202516:31	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "216928a2-39af-3284-9392-d30f64d18920",
        "vendor": {
          "name": "mannaandpoem"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "05966653-fc36-38d3-95c0-18f087149247",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.11"
      },
      {
        "id": "130c5a01-4ca0-3c7f-b28b-7d3cfbe0b563",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.2"
      },
      {
        "id": "25cdf9ee-e3f4-32af-939d-50e24cf9de45",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.0"
      },
      {
        "id": "2d78a776-7bad-352e-8eae-8bc73a7d7a33",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.5"
      },
      {
        "id": "3c2b0088-44d9-3f5c-a59a-4a83a2cd26ee",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.13"
      },
      {
        "id": "50af9b0d-454c-3243-90ec-e6cf29197644",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.3"
      },
      {
        "id": "5bf72848-0ade-3355-91aa-485e3e08d455",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.9"
      },
      {
        "id": "64bf34a6-b826-3635-8a8f-050db4d349e5",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.12"
      },
      {
        "id": "67433d61-6bf1-3983-9cb1-d7cb5ece04e5",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.4"
      },
      {
        "id": "808c668a-c3eb-3b87-8d7e-474e92ec4860",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.6"
      },
      {
        "id": "95af2d09-f305-3194-b3a0-82979b8e474a",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.1"
      },
      {
        "id": "9817d3a7-0482-3266-8dd4-8cf63f067f0a",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.7"
      },
      {
        "id": "dc74701a-14e8-352f-ac2e-439c0872bbb5",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.10"
      },
      {
        "id": "ea65ee5b-3572-3096-bdd0-736e5898aa75",
        "product": {
          "name": "OpenManus"
        },
        "product_version": "2025.3.8"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-2954
magnificent-dill-351	www.magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

03 Oct 2025 20:07Current

4.4Medium risk

Vulners AI Score4.4

CVSS 44.8

CVSS 3.13.3 - 5.5

CVSS 21.7

CVSS 33.3

EPSS0.00096

SSVC

vulnerability openmanus access controls file handler local access exploit disclosure