VYPR
High severity8.2NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026

CVE-2025-0452

CVE-2025-0452

Description

eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the 'plugin_repo_name' variable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: latest
  • eosphoros-ai/eosphoros-ai/db-gptv5
    Range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.