E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (185), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0.
{
"cwe_ids": [
"CWE-22"
],
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32779.json"
}{
"versions": [
{
"introduced": "0"
},
{
"fixed": "5.5.0"
}
]
}[
{
"id": "CVE-2025-32779-0763d0d1",
"target": {
"file": "src/main/java/ai/labs/eddi/backup/impl/RestImportService.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Line",
"digest": {
"line_hashes": [
"71317630867048679488837702755684909378",
"45022368370679015690134347907907242894",
"330544742860629425045431341170523080452",
"206080835495421493518371610450478057058",
"34280767254591096257860084785023345927",
"49990083440183057145976009191972572994",
"282797217103221705672407296789609579084",
"145065410172996124607999919159754861408",
"101767503940173081385500055321872559740",
"316067006810577030108647933307015284566",
"191871350338813077353074481621904024467",
"256853744556895680618362400351058868145",
"158708681802576272591530041317300489329",
"329752314106902930068645410712959609640",
"63190184231126783940586096852532649890",
"119914102850402496872609903025625887510",
"165609334727944644051079452084171450439",
"307914337668715424294270514198181297387",
"199637365418329468676329767427057768730",
"88474325459183289203384255329469937176",
"181311603958136170210444942308050687639",
"326387301580368665782657700166854179246",
"135478653040740256708170596559371643490",
"106386626484285716866919060381062926443",
"240620198281852278869563474923769756551",
"181980170893764543021453589044941246024",
"158347005854235568638403466443365741460",
"50694043429243621926023456785653482608",
"203848448518329920913006503833267898633",
"120662084390693642980619132029131633735",
"308066919016731142676547573276921046348",
"236076022979205558544887112192091030589",
"316789423666944892075131603532597200879",
"131010132311465717356287645873276794752",
"236852336336437901604259673590126215480",
"163468254090531733872341077413987571338",
"103181757323315552800972866461684039820",
"198648871109715431422928278580253609665",
"47726423539275320688767415872029944422",
"204857486271734651719892049905132288060",
"177673345335683638544343178125559763654",
"105448046430216483571981492615492935425",
"98628914522111493087243920083376954077",
"64920002490857020376700600086715374439",
"92789432320326795493859779316594059997",
"71769547060855730086650697001836351045",
"48319698945341927746525309034089536515",
"172802206073379595959138720168550466379",
"125714017982518039026742183356917288975",
"159105284733090337611435705767559657161",
"252413799335706469403541094377436163681",
"5799055150323140957515631165138874254",
"141654535431070087508463679436547781978",
"97810010036543471243077293695386210247",
"322524030635253338373828402252246609653",
"18633492397049932289417505817146477978",
"96154950314602212169475254613349838968",
"324796077362282809561173562594069207084",
"195522135153199272487842044381261336697",
"325827425653484482809450423407018166696",
"244575222496369980735071200840858529195",
"295694172658276850217564080423260807517",
"231679404902826328040477239239993858208",
"189522207499402069294867896007738759342",
"224856475194972150803200898194803548578",
"7309288257857809781281905612980738132",
"126740848142933766988638565096848948625",
"306781867155689912877538937837455836366",
"319247112222445785418579188254390950672",
"232063628168477666914833836125030247275",
"284041347458845948392346961437861761066",
"333228141910891348215523120330399733687",
"6914873788128615941864734139153996848",
"216450947636606400674176373538998981930",
"100759133075058144410342684121313802008",
"57935127870167222812743515212388600081",
"289236238026478177424479698856705429425",
"168688013547603025259515923057250548460",
"72640290157705452284076088236416332101",
"170423154316123833849863691154630528512",
"281198625874051166807714765082438364314",
"142058297962718615085679767385196660107",
"106386626484285716866919060381062926443",
"110288282271437197038701890681890533296",
"42864903493311457434238249920519356160",
"75676777279238608369960542573178395058",
"280136825298792570763628418689699294281",
"305185180060308688097769559139524352417",
"55442238902346776581422822370100432619",
"76294146376743722063275767967672046894",
"156141477716666172297204161466023772347",
"50066484976329815337794395258349473415",
"115061127123369016482433685161621358048",
"56796255431503014887801778514425431248",
"83390879041174501109717172764866382794",
"21262466851300820669735275838763389459",
"307180041318835023412132454163908810907",
"6406273368199308079453857419416860697",
"146688518431388213217146769938010376643",
"78890925889372399309286760764664973911"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-32779-0fdd62d0",
"target": {
"file": "src/main/java/ai/labs/eddi/backup/impl/ZipArchive.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Line",
"digest": {
"line_hashes": [
"218693636473272369656824132274333554308",
"154557316686528933832993269537127155578",
"158683028069920274587790406368062376134",
"92932804481614911319784269530125439958",
"26689587374373670827395839708255558727",
"298531840009484512763787597275958260566",
"134376737937742059146601284854295354108",
"324372809086060455267724085456957541437",
"8703725388848064852453622035975561798",
"74869546904475538469514749110311398194",
"253527208040906690477243812876158471595",
"216196758220918668711457030069603623847",
"97689148730017881686979269364696796119",
"41648684884450657576183319779930760700",
"328256320372545028660821783325110216920",
"135350996122252464532637347222254943866",
"299526011758620156853655525739337100297",
"223361508250316172802552579243620119547",
"339267146654693441373295999959150734054",
"220791602070032518638949185531634844773",
"28710523318570405611413830875331241118",
"339561521530111973967500532400455188295",
"237973740121789137745378316905959890215",
"6171516508782904326240276637898582917",
"32360822807526866557297902829761309834",
"162405851704312349325616390727606294371",
"47147589985290275526048167129040115485",
"23356737726570823622236568410500469619",
"64923293621201810750815449974079002731",
"109694426263077591475670481475381179224",
"23468967448459174502641654108979029617",
"142086013286159590502475462635458067843",
"100804351706892299680291888394690421802",
"260533022337860046327643152723043429963",
"249315915248919830377101701480757988314",
"173441769094582259213087705436847371794",
"98193694264964513767280840252837249500",
"34637366084965770544369543650973872063",
"75409661213128112074594542993170138584",
"75816293144464628261598219769273301008",
"325583898155382461813992314746239512111",
"325980462084736277160826266933406417160",
"24709139786372222333953743565452171652",
"311006334663637845340018839494589868880",
"291108641275525970321992645852307493932",
"160295066570915443990456343126927537741",
"190531420929833728277011397831934295749",
"9371582308135041265115591383491643460",
"58099814317392959129549267187301682702",
"132307555034333064808053397875548943395",
"28836640543408802587976493436847711421",
"195496498398396928414244835096276921400",
"248762732990595023171031811166712926548",
"86608901840054507357155367199310594919",
"274134240940490433200132415097635343414",
"2428622899256718374383367504524047352",
"225684671453010792768057011493679526560",
"125173553936961036206614337941725235031",
"148465925371203767632033791130346379094",
"211802211707993325896005251662497954085",
"268289932027300284165742764816575005496",
"257935598875441076929262465632703204248"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-32779-12492dd1",
"target": {
"function": "importBot",
"file": "src/main/java/ai/labs/eddi/backup/impl/RestImportService.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "170235029497255835320362654095404900385",
"length": 386.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-225742f4",
"target": {
"function": "unzip",
"file": "src/main/java/ai/labs/eddi/backup/impl/ZipArchive.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "270838164716090015932298739875038922413",
"length": 531.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-4c00765a",
"target": {
"function": "parsePackage",
"file": "src/main/java/ai/labs/eddi/backup/impl/RestImportService.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "30220887300463892129364866405160560530",
"length": 2293.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-7ee83a25",
"target": {
"function": "readResources",
"file": "src/main/java/ai/labs/eddi/backup/impl/RestImportService.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "170661427361577036702915137415505629741",
"length": 1664.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-9cb67c1b",
"target": {
"function": "updateDocumentDescriptor",
"file": "src/main/java/ai/labs/eddi/backup/impl/RestImportService.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "20353631034692009852892560096829595527",
"length": 726.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-ca3b05e3",
"target": {
"function": "importBotZipFile",
"file": "src/main/java/ai/labs/eddi/backup/impl/RestImportService.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "43681666246247741502630187460893460847",
"length": 866.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-d18f4f41",
"target": {
"function": "writeZipFile",
"file": "src/main/java/ai/labs/eddi/backup/impl/ZipArchive.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "290344362823795884577540007329675844404",
"length": 304.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-e1b31c66",
"target": {
"function": "addToZip",
"file": "src/main/java/ai/labs/eddi/backup/impl/ZipArchive.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "150329435343988104295078714748621850602",
"length": 486.0
},
"deprecated": false
},
{
"id": "CVE-2025-32779-ebee479a",
"target": {
"function": "extractFile",
"file": "src/main/java/ai/labs/eddi/backup/impl/ZipArchive.java"
},
"signature_version": "v1",
"source": "https://github.com/labsai/eddi/commit/1e207d0e4f72a5a93920bc0f76cad53ffd8e7065",
"signature_type": "Function",
"digest": {
"function_hash": "284798236632199595766781436213497007156",
"length": 300.0
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32779.json"
"2026-04-12T15:36:23Z"