CVE-2025-6167

low-risk
Published 2025-06-17

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Python A2A

Affected Vendors

Themanojdesai

References (7)

Exploit https://github.com/themanojdesai/python-a2a/issues/40
Exploit https://github.com/themanojdesai/python-a2a/issues/40#issuecomment-2904804388
Release Notes https://github.com/themanojdesai/python-a2a/releases/tag/v0.5.6
Permissions Required https://vuldb.com/?ctiid.312642
Third Party Advisory https://vuldb.com/?id.312642
Third Party Advisory https://vuldb.com/?submit.593613
Exploit https://github.com/themanojdesai/python-a2a/issues/40
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal