CVE-2025-6772
CVE-2025-6772 affects eosphoros-ai DB-GPT up to version 0.7.2. The vulnerability is in the import_flow function of /api/v2/serve/awel/flow/import, where manipulating the File argument enables directory traversal. This can lead to remote exploitation and potential access to files outside the inten...