Medium severity5.5NVD Advisory· Published Jun 19, 2025· Updated Apr 29, 2026

CVE-2025-6280

Description

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Affected products

Superagi/Superagi
cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*
Range: <=0.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/TransformerOptimus/SuperAGI/issues/1466nvdExploitIssue Tracking
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000