PT-2025-25626 · Themanojdesai · Python-A2A
Themanojdesai
·
Published
2025-06-17
·
Updated
2025-07-02
·
CVE-2025-6167
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
themanojdesai python-a2a versions up to 0.5.5
Description
A critical vulnerability has been found in themanojdesai python-a2a, affecting the
create workflow function of the file python a2a/agent flow/server/api.py. The manipulation leads to path traversal.Recommendations
To address this issue, upgrade to version 0.5.6. As a temporary workaround, consider restricting access to the
create workflow function until the upgrade is applied.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Python-A2A