CVE-2025-6772

Name of the Vulnerable Software and Affected Versions: eosphoros-ai db-gpt versions up to 0.7.2

Description: A critical issue has been found, affecting the import flow function of the file /api/v2/serve/awel/flow/import. The manipulation of the File argument leads to path traversal, allowing for remote attacks.

Recommendations: For versions up to 0.7.2, consider disabling the import flow function as a temporary workaround until a patch is available. Restrict access to the /api/v2/serve/awel/flow/import endpoint to minimize the risk of exploitation. Avoid using the File argument in the affected API endpoint until the issue is resolved.