CVE-2025-51475

{"id": "CVE-2025-51475", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.3}]}, "published": "2025-07-22T20:15:25.727", "references": [{"url": "https://github.com/TransformerOptimus/SuperAGI", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/TransformerOptimus/SuperAGI/pull/1463", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://www.gecko.security/blog/cve-2025-51475", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir()."}, {"lang": "es", "value": "Sobrescritura arbitraria de archivos (AFO) en superagi.controllers.resources.upload en TransformerOptimus SuperAGI 0.0.14 permite a atacantes remotos sobrescribir archivos arbitrarios a trav\u00e9s de nombres de archivos sin depurar enviados al endpoint de carga de archivos, debido al manejo inadecuado del directory traversal en os.path.join() y la falta de validaci\u00f3n de ruta en get_root_input_dir()."}], "lastModified": "2025-10-09T16:08:29.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C63CFCE-4FB2-47EC-A731-8C17458675D3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}