PT-2025-5828 · Docsgpt · Docsgpt

Eryk Winiarz · Published 2025-02-06 · Updated 2025-10-03 · CVE-2025-0868

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DocsGPT versions 0.8.1 through 0.12.0

Description

A vulnerability has been found in DocsGPT that could result in Remote Code Execution (RCE). Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the "/api/remote" endpoint.

Recommendations

To resolve the issue, update to a version later than 0.12.0. As a temporary workaround, consider disabling the eval() function or restricting access to the "/api/remote" endpoint until a patch is available. Avoid using the eval() function to parse JSON data in the affected API endpoint until the issue is resolved.
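
The remediation pattern for the eval() weakness described above, as an added example (not DocsGPT's code or its patch): the request body is parsed as data with json.loads and shape-checked instead of being evaluated. The field names `urls` and `recursive` and all function names are hypothetical, and the sample bodies are constructed.

```python
import json

# Constructed sample bodies (not captured traffic); field names are hypothetical.
VALID_BODY = '{"urls": ["https://example.com/docs"], "recursive": false}'
# A valid Python expression that is not valid JSON: eval() computes it.
EXPRESSION_BODY = '{"urls": ["https://example.com/" + str(2 ** 10)]}'

ALLOWED_KEYS = {"urls", "recursive"}


def parse_with_eval(raw: str):
    """Unsafe pattern named in the advisory: request text is run as Python."""
    return eval(raw)  # kept only to show the behaviour being replaced


def parse_remote_config(raw: str, max_len: int = 4096) -> dict:
    """Hardened replacement: parse as data, then validate the shape."""
    if len(raw) > max_len:
        raise ValueError("body too large")
    try:
        data = json.loads(raw)  # never executes anything in the input
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg}") from None
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    unknown = set(data) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    urls = data.get("urls")
    if not isinstance(urls, list) or not urls:
        raise ValueError("urls must be a non-empty list")
    for url in urls:
        if not isinstance(url, str) or not url.startswith(("http://", "https://")):
            raise ValueError("urls must contain http(s) strings only")
    if not isinstance(data.get("recursive", False), bool):
        raise ValueError("recursive must be a boolean")
    return data


def is_rejected(raw: str) -> bool:
    """True when the hardened parser refuses the body."""
    try:
        parse_remote_config(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("eval result:", parse_with_eval(EXPRESSION_BODY))
    print("hardened parser rejects it:", is_rejected(EXPRESSION_BODY))
    print("hardened parser accepts:", parse_remote_config(VALID_BODY))
```

Note that eval() also fails on the well-formed body, because the JSON literal `false` is not a Python name; it is not a JSON parser in either direction.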

Exploit

Fix

RCE

Eval Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-14559
CVE-2025-0868
GHSA-9GFF-5V8W-X922

Affected Products

Docsgpt