CVE-2025-68472

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68472
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68472.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68472
Aliases
Published
2026-01-12T16:53:47.748Z
Modified
2026-04-10T05:35:07.308916Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
Details

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and sourcetype is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clearfilename or equivalent checks. This vulnerability is fixed in 25.11.1.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68472.json",
    "cwe_ids": [
        "CWE-22",
        "CWE-23",
        "CWE-36"
    ]
}
References

Affected packages

Git / github.com/mindsdb/mindsdb

Affected ranges

Type
GIT
Repo
https://github.com/mindsdb/mindsdb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1ac0d8f3dcda16de7d45e572c38a050ce8e4176a

Affected versions

2.*
2.14.0
2.20.1
2.21.0
2.21.1
2.21.2
2.30.0
2.31.0
2.33.0
2.36.0
2.36.0v2
2.37.0
2.38.0
v0.*
v0.8.8
v0.8.9.1
v1.*
v1.0.6
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.2
v2.11.0
v2.11.1
v2.11.2
v2.14.0
v2.15.0
v2.17.1
v2.2.0
v2.2.1
v2.26.0
v2.27.0
v2.3.0
v2.30.1
v2.35.0
v2.39.0
v2.4.0
v2.40.0
v2.41.0
v2.41.1
v2.41.2
v2.42.0
v2.42.1
v2.42.2
v2.43.0
v2.44.0
v2.45.0
v2.45.1
v2.45.2
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.8.3
v2.9.0
v2.9.1
v22.*
v22.11.4.0
v22.11.4.1
v22.11.4.2
v22.11.4.3
v22.12.4.0
v22.5.1.2
v23.*
v23.11.28.1-alpha
v23.11.4.4a1
v24.*
v24.10.1.0
v24.10.2.0
v24.10.3.0
v24.10.4.0
v24.10.4.1
v24.10.4.2
v24.10.5.0
v24.11.1.0
v24.11.1.1
v24.11.2.0
v24.11.3.0
v24.11.4.0
v24.11.4.1
v24.11.4.2
v24.12.1.0
v24.12.2.0
v24.12.2.1
v24.12.3.0
v24.12.4.0
v24.5.4.0
v24.6.1.0
v24.6.1.1
v24.6.2.0
v24.6.2.2
v24.6.3.0
v24.6.3.1
v24.6.4.0
v24.6.4.1
v24.7.1.0
v24.7.2.0
v24.7.3.0
v24.7.4.0
v24.7.4.1
v24.7.5.0
v24.8.1.0
v24.8.1.1
v24.8.2.0
v24.8.3.0
v24.8.4.0
v24.9.1.0
v24.9.2.0
v24.9.2.1
v24.9.3.0
v24.9.3.1
v24.9.3.2
v24.9.4.0
v24.9.4.1
v25.*
v25.1.2.0
v25.1.2.1
v25.1.3.0
v25.1.4.0
v25.1.5.0
v25.1.5.1
v25.1.5.2
v25.1.5.3
v25.10.0
v25.10.1
v25.2.1.0
v25.2.1.1
v25.2.1.2
v25.2.2.0
v25.2.2.1
v25.2.2.2
v25.2.3.0
v25.2.4.0
v25.3.1.0
v25.3.2.0
v25.3.3.0
v25.3.4.0
v25.3.4.1
v25.3.4.2
v25.4.1.0
v25.4.2.0
v25.4.2.1
v25.4.3.0
v25.4.3.1
v25.4.4.0
v25.4.5.0
v25.5.3.0
v25.5.4.0
v25.5.4.1
v25.5.4.2
v25.6.2.0
v25.6.3.0
v25.6.3.1
v25.6.4.0
v25.7.1.0
v25.7.2.0
v25.7.3.0
v25.7.4.0
v25.8.2.0
v25.8.3.0
v25.9.1.0
v25.9.1.1
v25.9.1.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68472.json"