PYSEC-2025-82

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/agentscope/PYSEC-2025-82.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-82

Aliases

CVE-2024-8501
GHSA-p6h7-hfj2-vmcf

Published

2025-03-20T10:15:42.610Z

Modified

2026-06-10T17:00:08.919202947Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary file download vulnerability exists in the rpcagentclient component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpcagent's host by exploiting the downloadfile method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.

References

Affected packages

PyPI / agentscope

Package

Name: agentscope; View open source insights on deps.dev
Purl: pkg:pypi/agentscope

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.0.4

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/agentscope/PYSEC-2025-82.yaml"