Vulnerability Description
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Agent-Zero | Agent-Zero | < 0.8.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/frdel/agent-zero/commit/5db74202d632306a883ccce7339c5bdba0d16Patch
- https://github.com/frdel/agent-zero/issues/383ExploitIssue TrackingVendor Advisory
- https://github.com/frdel/agent-zero/issues/383#issuecomment-2893239897Issue Tracking
- https://github.com/frdel/agent-zero/releases/tag/v0.8.4.1Release Notes
- https://vuldb.com/?ctiid.312641Permissions RequiredVDB Entry
- https://vuldb.com/?id.312641Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.593611Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-6166?
CVE-2025-6166 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the arg...
How severe is CVE-2025-6166?
CVE-2025-6166 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6166?
Check the references section above for vendor advisories and patch information. Affected products include: Agent-Zero Agent-Zero.