CVE-2025-6166

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6166

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6166.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6166

Published

2025-06-17T06:15:22Z

Modified

2025-06-18T04:09:05.862510Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function imageget of the file /python/api/imageget.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/frdel/agent-zero

Affected ranges

Type: GIT
Repo: https://github.com/frdel/agent-zero
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5db74202d632306a883ccce7339c5bdba0d16c5a

Fixed

6a3320641a34d1f0ea20b81ac22700a606247b5b

Affected versions

v0.*

v0.2

v0.3

v0.4

v0.5

v0.6

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7

v0.7.1

v0.8

v0.8.1

v0.8.1.1

v0.8.1.2

v0.8.2

v0.8.2.1

v0.8.3

v0.8.3.1

v0.8.4