5 matches found
CVE-2025-0452
creationtimestamp| type| source ---|---|--- 2025-03-20 12:48:45+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114194836488314320 2025-03-20 13:03:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lksr43hsje2l 2025-03-20 13:05:08+00:00| seen|...
CVE-2025-0452
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete...
CVE-2025-0452 Arbitrary File Deletion in eosphoros-ai/DB-GPT
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete...
CVE-2025-0452 Arbitrary File Deletion in eosphoros-ai/DB-GPT
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete...
CVE-2025-0452
CVE-2025-0452 affects eosphoros-ai/DB-GPT (latest) and is described as vulnerable to arbitrary file deletion on Windows via the /v1/agent/hub/update endpoint. The root cause cited across sources is failure to properly filter the backslash character, a common Windows path separator, allowing manip...