PT-2025-26246 · Unknown · Xlang-Ai Openagents
Arashimuo
·
Published
2025-06-19
·
Updated
2025-09-30
·
CVE-2025-6282
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
xlang-ai OpenAgents versions up to ff2e46440699af1324eb25655b622c4a131265bb
Description
A critical issue was found in the
create upload file function of the backend/api/file.py file, leading to path traversal. The exploit has been disclosed to the public and may be used. The product uses continuous delivery with rolling releases, and therefore, no version details of affected or updated releases are available.Recommendations
As a temporary workaround, consider disabling the
create upload file function until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xlang-Ai Openagents