CVE-2025-6280

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/TransformerOptimus/SuperAGI/issues/1466 Exploit Issue Tracking
https://vuldb.com/?ctiid.313284 Permissions Required VDB Entry
https://vuldb.com/?id.313284 Third Party Advisory VDB Entry
https://vuldb.com/?submit.593614 Third Party Advisory VDB Entry
https://github.com/TransformerOptimus/SuperAGI/issues/1466 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*

History

09 Jul 2025, 23:56

Type Values Removed Values Added
CPE cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*
First Time Superagi
Superagi superagi
References () https://github.com/TransformerOptimus/SuperAGI/issues/1466 - () https://github.com/TransformerOptimus/SuperAGI/issues/1466 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.313284 - () https://vuldb.com/?ctiid.313284 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.313284 - () https://vuldb.com/?id.313284 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.593614 - () https://vuldb.com/?submit.593614 - Third Party Advisory, VDB Entry

23 Jun 2025, 20:16

Type Values Removed Values Added
References () https://github.com/TransformerOptimus/SuperAGI/issues/1466 - () https://github.com/TransformerOptimus/SuperAGI/issues/1466 -
Summary
  • (es) Se encontró una vulnerabilidad clasificada como crítica en TransformerOptimus SuperAGI hasta la versión 0.0.14. La función "download_attachment" del archivo SuperAGI/superagi/helper/read_email.py del componente EmailToolKit se ve afectada. La manipulación del argumento "filename" provoca un path traversal. Se ha hecho público el exploit y puede que sea utilizado.

19 Jun 2025, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-19 22:15

Updated : 2025-07-09 23:56


NVD link : CVE-2025-6280

Mitre link : CVE-2025-6280

CVE.ORG link : CVE-2025-6280


JSON object : View

Products Affected

superagi

  • superagi
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')