CVE-2025-51475
CVE-2025-51475 is a medium-severity vulnerability rated 5/10 on the CVSS scale: an arbitrary file overwrite in the file upload endpoint (superagi.controllers.resources.upload) of TransformerOptimus SuperAGI 0.0.14, reachable by remote attackers through unsanitised filenames, because the filename is passed to os.path.join() without directory-traversal handling and get_root_input_dir() performs no path validation. EPSS estimates a 0.78% probability of exploitation in the next 30 days.
Description
Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir().
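The description boils down to two properties of os.path.join() that an upload handler must not rely on: a component containing "../" walks out of the root once the kernel resolves it, and an absolute component discards the root entirely. The following is an added illustration, not SuperAGI's code; ROOT_DIR is an assumed workspace directory standing in for whatever get_root_input_dir() returns, and both function names are invented for the example. The hardened version goes slightly beyond the advisory by also rejecting a filename that is a symlink out of the root, since resolve() follows it.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed example, not SuperAGI's code. ROOT_DIR is an assumed workspace
# directory standing in for whatever get_root_input_dir() returns.
ROOT_DIR = "/srv/superagi/workspace/input"


def vulnerable_save_path(root_dir: str, filename: str) -> str:
    """The pattern the advisory describes: the client-supplied filename is
    joined onto the root directory with no validation at all.

    os.path.normpath() is applied only so the example can show where the
    kernel would actually place the file; it is not a fix, because normpath
    happily collapses '..' across the root boundary and keeps an absolute
    filename that os.path.join() has already used to discard root_dir.
    """
    return os.path.normpath(os.path.join(root_dir, filename))


def safe_save_path(root_dir: str, filename: str) -> Optional[str]:
    """Return the on-disk path for an upload, or None if the filename must be
    rejected (a real handler would answer HTTP 400 when None comes back)."""
    # 1. Refuse anything that is not a bare filename. Checking the raw string
    #    instead of trusting os.path.basename() also catches backslashes,
    #    which POSIX Python does not treat as separators but Windows does.
    #    This check must come first: both os.path.join() and Path.__truediv__
    #    drop the left operand when the right one is absolute.
    if not filename or "\x00" in filename:
        return None
    if "/" in filename or "\\" in filename or filename in (".", ".."):
        return None
    # 2. Resolve both sides so symlinks and '..' are collapsed, then confirm
    #    the target is a direct child of the root. A filename that already
    #    exists as a symlink pointing outside the root fails this test.
    root = Path(root_dir).resolve()
    target = (root / filename).resolve()
    if target.parent != root:
        return None
    return str(target)


if __name__ == "__main__":
    # Constructed inputs: a traversal payload, an absolute path, a benign name.
    for name in ("../../../../etc/cron.d/job", "/etc/passwd", "notes.txt"):
        print(f"{name!r:32} vulnerable -> {vulnerable_save_path(ROOT_DIR, name)}")
        print(f"{'':32} safe       -> {safe_save_path(ROOT_DIR, name)}")
```

The rejection step deliberately does not try to "clean" a bad filename (stripping "../", taking basename and carrying on): a filename that needs cleaning is attacker-shaped input and the safe response is to refuse it.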
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Note that the published vector records a local attack vector, required user interaction and a confidentiality-only impact, while the description above is of a remotely reachable file overwrite, which is an integrity impact. Reconcile the two before relying on the score for prioritisation.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Superagi | Superagi | 0.0.14 |
References
- https://github.com/TransformerOptimus/SuperAGI/pull/1463 (Exploit, Issue Tracking)
- https://www.gecko.security/blog/cve-2025-51475 (Exploit, Third Party Advisory)
Source: NVD / NIST
