CVE-2025-68472
CVE-2025-68472 affects MindsDB prior to version 25.11.1. A unauthenticated path traversal in the File Upload API allows reading arbitrary server files and moving them into MindsDB’s storage when the PUT handler in file.py concatenates user-controlled data into a filesystem path for JSON uploads (...