PT-2025-26247 · Xataio · Xata Agent
Arashimuo
·
Published
2025-06-19
·
Updated
2025-09-30
·
CVE-2025-6283
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
xataio Xata Agent versions up to 0.3.0
Description
A path traversal issue has been identified, affecting the
GET function of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to this issue.Recommendations
For xataio Xata Agent versions up to 0.3.0, upgrade to version 0.3.1 to address this issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xata Agent