CVE-2025-6167
CVE-2025-6167 affects the python-a2a package (up to 0.5.5); the issue is in create_workflow within python_a2a/agent_flow/server/api.py, allowing path traversal. Upgrading to 0.5.6 mitigates the vulnerability. Multiple sources (Red Hat, OSV, GHSA, Snyk, CVE records) describe the same flaw and fix;...