A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/TransformerOptimus/SuperAGI/issues/1466 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.313284 | Permissions Required VDB Entry |
https://vuldb.com/?id.313284 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.593614 | Third Party Advisory VDB Entry |
https://github.com/TransformerOptimus/SuperAGI/issues/1466 | Exploit Issue Tracking |
Configurations
History
09 Jul 2025, 23:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:* | |
First Time |
Superagi
Superagi superagi |
|
References | () https://github.com/TransformerOptimus/SuperAGI/issues/1466 - Exploit, Issue Tracking | |
References | () https://vuldb.com/?ctiid.313284 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.313284 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.593614 - Third Party Advisory, VDB Entry |
23 Jun 2025, 20:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/TransformerOptimus/SuperAGI/issues/1466 - | |
Summary |
|
19 Jun 2025, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-19 22:15
Updated : 2025-07-09 23:56
NVD link : CVE-2025-6280
Mitre link : CVE-2025-6280
CVE.ORG link : CVE-2025-6280
JSON object : View
Products Affected
superagi
- superagi
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')