Vulnerability Description
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2025/02/CVE-2025-0868/
- https://cert.pl/posts/2025/02/CVE-2025-0868/
- https://github.com/arc53/DocsGPT
FAQ
What is CVE-2025-0868?
CVE-2025-0868 is a documented vulnerability. A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python cod...
How severe is CVE-2025-0868?
CVSS scoring is not yet available for CVE-2025-0868. Check NVD for updates.
Is there a patch for CVE-2025-0868?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.