CVE-2025-6772 – This critical vulnerability in eosphoros-ai DB-... (How to Fix)

📋 TL;DR

This critical vulnerability in eosphoros-ai DB-GPT allows remote attackers to perform path traversal attacks via the import_flow function's File parameter. Attackers can potentially read, write, or delete arbitrary files on the server. All users running DB-GPT versions up to 0.7.2 are affected.

💻 Affected Systems

Products:

eosphoros-ai DB-GPT

Versions: up to 0.7.2

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with the vulnerable API endpoint exposed are affected regardless of configuration.

📦 What is this software?

Db Gpt by Dbgpt

View all CVEs affecting Db Gpt →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary file write leading to remote code execution, data exfiltration, or system destruction.

🟠

Likely Case

Unauthorized file access leading to sensitive information disclosure, configuration file manipulation, or partial system compromise.

🟢

If Mitigated

Limited impact with proper file system permissions, but still potential for information disclosure from accessible files.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly disclosed in GitHub issue #2774, making weaponization straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7.3 or later

Vendor Advisory: https://github.com/eosphoros-ai/DB-GPT/issues/2774

Restart Required: Yes

Instructions:

1. Update DB-GPT to version 0.7.3 or later using pip: pip install --upgrade db-gpt==0.7.3
2. Restart the DB-GPT service
3. Verify the fix by checking the version

🔧 Temporary Workarounds

API Endpoint Restriction

all

Block or restrict access to the vulnerable /api/v2/serve/awel/flow/import endpoint

# Use web server configuration (nginx example)
location /api/v2/serve/awel/flow/import {
    deny all;
}

File Upload Validation

all

Implement strict file path validation and sanitization for the import_flow function

# Python example for path validation
import os

def safe_path(file_path):
    base_dir = '/safe/directory'
    abs_path = os.path.abspath(os.path.join(base_dir, file_path))
    if not abs_path.startswith(base_dir):
        raise ValueError('Path traversal attempt detected')
    return abs_path

🧯 If You Can't Patch

Implement strict network segmentation to isolate DB-GPT instances from sensitive systems
Deploy web application firewall (WAF) rules to detect and block path traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check if DB-GPT version is 0.7.2 or earlier and the /api/v2/serve/awel/flow/import endpoint is accessible

Check Version:

pip show db-gpt | grep Version

Verify Fix Applied:

Confirm DB-GPT version is 0.7.3 or later and test the import endpoint with path traversal attempts

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns in application logs
Multiple failed import attempts with suspicious file paths
Access to files outside expected directories

Network Indicators:

HTTP requests to /api/v2/serve/awel/flow/import with ../ patterns in parameters
Unusual file download patterns from the DB-GPT server

SIEM Query:

source="db-gpt-logs" AND (uri_path="/api/v2/serve/awel/flow/import" AND (param=".." OR param="%2e%2e"))

📊 Metadata

CVE ID: CVE-2025-6772

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-22

EPSS Score: 0.29% exploit probability (51.6th percentile)

Published: June 27, 2025

Last Updated: September 15, 2025

🔗 References

https://github.com/eosphoros-ai/DB-GPT/issues/2774 Exploit,Issue Tracking
https://vuldb.com/?ctiid.314088 Permissions Required,VDB Entry
https://vuldb.com/?id.314088 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.601028 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6772, you might also want to check these: