Unrated severityNVD Advisory· Published Jul 22, 2025· Updated Jul 22, 2025

CVE-2025-51459

Description

File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with plugin_hub._sanitize_filename and plugins_util.scan_plugins.

Affected products

eosphoros-ai/DB-GPTdescription
eosphoros-ai/db-gptllm-fuzzy
Range: = 0.7.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/eosphoros-ai/DB-GPT/pull/2649mitre
www.gecko.security/blog/cve-2025-51459mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000