CVE-2025-6166

Exploit

EPSS 0.51%
Veröffentlicht 17.06.2025 06:00:19
Zuletzt bearbeitet 08.01.2026 14:46:06
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

frdel Agent-Zero image_get.py image_get path traversal

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Agent-zero ≫ Agent-zero Version < 0.8.4.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.392

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.7	5.1	2.9	AV:A/AC:L/Au:S/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://vuldb.com/?id.312641

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.312641

VDB Entry

Permissions Required

https://vuldb.com/?submit.593611

Third Party Advisory

VDB Entry

https://github.com/frdel/agent-zero/issues/383

Vendor Advisory

Exploit

Issue Tracking

https://github.com/frdel/agent-zero/issues/383#issuecomment-2893239897

Issue Tracking

https://github.com/frdel/agent-zero/commit/5db74202d632306a883ccce7339c5bdba0d16c5a

Patch

https://github.com/frdel/agent-zero/releases/tag/v0.8.4.1

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-6166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6166

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-6166