Critical severityNVD Advisory· Published Feb 20, 2025· Updated Apr 15, 2026

CVE-2025-0868

Description

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint..

This issue affects DocsGPT: from 0.8.1 through 0.12.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
docsgptnpm	>= 0.8.1, <= 0.12.0	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9gff-5v8w-x922ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-0868ghsaADVISORY
cert.pl/en/posts/2025/02/CVE-2025-0868ghsaWEB
cert.pl/posts/2025/02/CVE-2025-0868ghsaWEB
cert.pl/en/posts/2025/02/CVE-2025-0868/nvd
cert.pl/posts/2025/02/CVE-2025-0868/nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000