VYPR
Medium severity (6.5) · OSV Advisory · Published Apr 15, 2025 · Updated Apr 15, 2026

CVE-2025-32779

Description

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (185), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Zip Slip vulnerability in EDDI before 5.5.0 allows attackers to overwrite arbitrary application files via a malicious ZIP upload, potentially leading to RCE.

Vulnerability

Overview

E.D.D.I (Enhanced Dialog Driven Interface) versions before 5.5.0 contain a Zip Slip vulnerability in the /backup/import API endpoint [1]. The ZIP extraction code in ai.labs.eddi.backup.impl.ZipArchive does not validate entry names before joining them to the extraction directory, so an entry whose name contains path traversal sequences (e.g., ../) resolves to a location outside the intended extraction directory [2][3]. This occurs when processing chatbot configuration archives uploaded via the import feature.

Attack

Vector and Prerequisites

An attacker with access to the /backup/import endpoint can upload a crafted ZIP archive whose entry names contain traversal sequences (e.g., ../../lib/some.jar) [3]. No authentication is bypassed; the attacker must already have access to this API. The application runs as a non-root user (UID 185), which limits direct impact on system-level files, but the extracted files can overwrite any file owned by that user, including JAR libraries, configuration files, or executable scripts [2][3].

Impact

Successful exploitation allows arbitrary file write within the application's user context. Overwriting application JAR files or scripts can lead to Remote Code Execution (RCE) when the overwritten code is subsequently loaded or executed [1][2][3]. The impact is limited to files owned by the application user, but this still enables full compromise of the EDDI service.

Mitigation

The vulnerability is patched in EDDI version 5.5.0 [1][3]. The fix includes proper path canonicalization and validation to ensure extracted files remain within the target directory. Users should upgrade immediately. No specific workarounds are available for unpatched versions [3].
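The crafted archive from the attack description and the canonicalization check from the fix description, side by side, as an added Java example that is not part of this page or of EDDI's own ZipArchive code. The archive is constructed in memory; the entry name ../../lib/some-library.jar, the bots/example-bot.json entry and the app/backups target directory are hypothetical, and both extraction routines are illustrative rather than the project's implementation:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class ZipSlipDemo {

    // Constructed sample archive (not a real EDDI backup): one benign entry and,
    // optionally, one entry whose name climbs out of the extraction directory.
    // The ZIP format places no restriction on entry names, so "../" survives as-is.
    static byte[] buildArchive(boolean includeTraversal) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            zos.putNextEntry(new ZipEntry("bots/example-bot.json"));
            zos.write("{\"name\":\"example\"}".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
            if (includeTraversal) {
                // Hypothetical target: a library owned by the application user.
                zos.putNextEntry(new ZipEntry("../../lib/some-library.jar"));
                zos.write("attacker-controlled bytes".getBytes(StandardCharsets.UTF_8));
                zos.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern (illustrative): the entry name is joined to the target
    // directory and written without checking where the join resolved to.
    static List<Path> extractUnsafe(InputStream in, Path targetDir) throws IOException {
        List<Path> written = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry e = zis.getNextEntry(); e != null; e = zis.getNextEntry()) {
                Path out = targetDir.resolve(e.getName());   // "../" is honoured here
                if (e.isDirectory()) { Files.createDirectories(out); continue; }
                Files.createDirectories(out.getParent());
                Files.copy(zis, out, StandardCopyOption.REPLACE_EXISTING);
                written.add(out);   // still contains "..", but the OS wrote two levels up
            }
        }
        return written;
    }

    // Hardened resolution: normalize both paths and require the result to stay under
    // the extraction root. Path.startsWith compares whole components, so a sibling
    // such as /opt/app2 does not pass for root /opt/app. Absolute entry names are
    // rejected too, because root.resolve("/etc/x") yields "/etc/x".
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path root = targetDir.toAbsolutePath().normalize();
        Path out = root.resolve(entryName).normalize();
        if (!out.startsWith(root)) {
            throw new IOException("Zip Slip rejected: entry '" + entryName
                    + "' resolves outside " + root);
        }
        return out;
    }

    // Same loop as extractUnsafe, with the check applied before any write.
    static List<Path> extractSafe(InputStream in, Path targetDir) throws IOException {
        List<Path> written = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry e = zis.getNextEntry(); e != null; e = zis.getNextEntry()) {
                Path out = resolveInside(targetDir, e.getName()); // throws on traversal
                if (e.isDirectory()) { Files.createDirectories(out); continue; }
                Files.createDirectories(out.getParent());
                Files.copy(zis, out, StandardCopyOption.REPLACE_EXISTING);
                written.add(out);
            }
        }
        return written;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("zipslip-demo");
        Path target = Files.createDirectories(base.resolve("app").resolve("backups"));

        // A benign archive extracts identically with either routine.
        System.out.println("safe, benign archive: "
                + extractSafe(new ByteArrayInputStream(buildArchive(false)), target));

        // The unsafe routine writes the traversal entry into <base>/lib/.
        System.out.println("unsafe, malicious archive: "
                + extractUnsafe(new ByteArrayInputStream(buildArchive(true)), target));

        // The hardened routine refuses the same archive before anything escapes.
        try {
            extractSafe(new ByteArrayInputStream(buildArchive(true)), target);
        } catch (IOException ex) {
            System.out.println("safe, malicious archive: " + ex.getMessage());
        }
    }
}
```

The check is placed on the resolved path rather than on the raw entry name because string filters for "../" miss encodings and absolute names; normalizing first and then comparing components is what makes the traversal entry fail regardless of how it was spelled. In a real import handler the rejection should abort the whole import, since a partially extracted archive can leave the application in an inconsistent state.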

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

2

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.