PT-2025-26244 · Unknown · Transformeroptimus/Superagi+1

Arashimuo · Published 2025-06-19 · Updated 2025-07-09 · CVE-2025-6280

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TransformerOptimus SuperAGI versions up to 0.0.14

Description

A critical issue was found in the EmailToolKit component, specifically in the download attachment function of the file SuperAGI/superagi/helper/read_email.py. The manipulation of the filename argument leads to path traversal. The issue has been publicly disclosed and may be exploited.

Recommendations

For TransformerOptimus SuperAGI versions up to 0.0.14, consider disabling the download attachment function as a temporary workaround until a patch is available. Restrict access to the EmailToolKit component to minimize the risk of exploitation. Avoid using the filename argument in the affected function until the issue is resolved.
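
One way to confine an untrusted attachment filename to the download directory, shown as an added example (it is not SuperAGI's code or its patch). The names `safe_attachment_path`, `save_attachment` and `UnsafeAttachmentName` are hypothetical, and the sample filenames are constructed.

```python
from pathlib import Path


class UnsafeAttachmentName(ValueError):
    """The attachment filename cannot be mapped to a safe path."""


def safe_attachment_path(download_dir, filename):
    """Return a path for `filename` that sits directly inside download_dir."""
    if not filename or "\x00" in filename:
        raise UnsafeAttachmentName("empty filename or NUL byte")
    # Treat both / and \ as separators and keep only the last component.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if name in ("", ".", ".."):
        raise UnsafeAttachmentName(f"no usable file name in {filename!r}")
    base = Path(download_dir).resolve()
    candidate = (base / name).resolve()  # resolve() also follows symlinks
    # Defence in depth: the resolved path must be a direct child of base.
    if candidate.parent != base:
        raise UnsafeAttachmentName(f"{filename!r} resolves outside {base}")
    return candidate


def save_attachment(download_dir, filename, payload):
    """Write payload under download_dir; never overwrite an existing file."""
    target = safe_attachment_path(download_dir, filename)
    with open(target, "xb") as fh:  # "x" fails if the file already exists
        fh.write(payload)
    return target


if __name__ == "__main__":
    import tempfile
    # Constructed sample filenames, as they might arrive in an email header.
    with tempfile.TemporaryDirectory() as d:
        for sample in ("report.pdf", "../../outside.txt", "..\\..\\outside.txt", ".."):
            try:
                print(repr(sample), "->", save_attachment(d, sample, b"x").name)
            except (UnsafeAttachmentName, FileExistsError) as exc:
                print(repr(sample), "-> rejected:", exc)
```
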

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-6280

Affected Products

Emailtoolkit
Transformeroptimus/Superagi