CVE-2025-6166

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-6166
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6166.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6166
Published
2025-06-17T06:15:22.467Z
Modified
2026-04-10T05:32:40.202738Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function imageget of the file /python/api/imageget.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/agent0ai/agent-zero

Affected ranges

Type
GIT
Repo
https://github.com/agent0ai/agent-zero
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6a3320641a34d1f0ea20b81ac22700a606247b5b
Fixed
5db74202d632306a883ccce7339c5bdba0d16c5a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.8.4.1"
        }
    ]
}

Affected versions

v0.*
v0.2
v0.3
v0.4
v0.5
v0.6
v0.6.1
v0.6.2
v0.7
v0.7.1
v0.8
v0.8.1
v0.8.1.2
v0.8.2
v0.8.2.1
v0.8.3
v0.8.3.1
v0.8.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6166.json"