Unrated severityNVD Advisory· Published Jul 22, 2025· Updated Jul 22, 2025

CVE-2025-51475

Description

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir().

Affected products

TransformerOptimus/SuperAGIdescription
TransformerOptimus/Superagillm-fuzzy
Range: =0.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/TransformerOptimus/SuperAGI/pull/1463mitre
www.gecko.security/blog/cve-2025-51475mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000