PT-2025-13624 · Mannaandpoem · Openmanus

S0L42

Published

2025-03-30

Updated

2025-03-30

CVE-2025-2954

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions mannaandpoem OpenManus versions up to 2025.3.13

Description A problematic issue was found in the File Handler component, specifically affecting the execute function of the file app/tool/file saver.py. This leads to improper access controls. Local access is required for an attack. The issue has been publicly disclosed and may be exploited.

Recommendations For mannaandpoem OpenManus versions up to 2025.3.13, as a temporary workaround, consider restricting access to the execute function of the app/tool/file saver.py file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

CVE-2025-2954

Affected Products

Openmanus

PT-2025-13624 · Mannaandpoem · Openmanus

CVE-2025-2954

Weakness Enumeration

Related Identifiers

Affected Products

References · 10