CVE-2025-6166

low-risk
Published 2025-06-17

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Agent-Zero

Affected Vendors

Agent-Zero

References (7)

Patch https://github.com/frdel/agent-zero/commit/5db74202d632306a883ccce7339c5bdba0d16...
Exploit https://github.com/frdel/agent-zero/issues/383
Issue Tracking https://github.com/frdel/agent-zero/issues/383#issuecomment-2893239897
Release Notes https://github.com/frdel/agent-zero/releases/tag/v0.8.4.1
Permissions Required https://vuldb.com/?ctiid.312641
Third Party Advisory https://vuldb.com/?id.312641
Third Party Advisory https://vuldb.com/?submit.593611
19
/ 100
low-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal