AI description
CVE-2025-0868 is a vulnerability found in DocsGPT versions 0.8.1 through 0.12.0. It stems from improper parsing of JSON data using the `eval()` function. This improper parsing allows an unauthorized attacker to send arbitrary Python code to be executed via the `/api/remote` endpoint, potentially leading to remote code execution (RCE).
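The flawed pattern described above, next to a strict parser, as an added illustration that is not DocsGPT's own code. The `urls` field, the function names and both payloads are assumptions constructed for this example.

```python
import json

CANARY = []  # constructed marker: any entry here proves client-supplied code ran

# Constructed request bodies. HOSTILE is a Python expression, not JSON.
HOSTILE = "CANARY.append('code ran') or {'urls': ['https://example.invalid']}"
BENIGN = '{"urls": ["https://example.invalid/docs"]}'


def parse_with_eval(raw: str):
    """The flawed pattern: eval() treats the request field as Python source."""
    return eval(raw)  # evaluates any expression the client sends


def parse_strict(raw: str, max_len: int = 4096) -> dict:
    """Hardened form: JSON grammar only, then explicit shape validation."""
    if len(raw) > max_len:
        raise ValueError("payload too large")
    try:
        obj = json.loads(raw)  # data only: no names, calls or attribute access
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg}") from None
    # Hypothetical schema: an object with exactly one key, 'urls'.
    if not isinstance(obj, dict) or set(obj) != {"urls"}:
        raise ValueError("expected an object with exactly one key: 'urls'")
    urls = obj["urls"]
    if not isinstance(urls, list) or not urls or not all(
        isinstance(u, str) and u.startswith(("http://", "https://")) for u in urls
    ):
        raise ValueError("'urls' must be a non-empty list of http(s) URLs")
    return obj


def demo() -> dict:
    """Run both parsers on the hostile body and report what each one did."""
    CANARY.clear()
    parse_with_eval(HOSTILE)
    ran_under_eval = list(CANARY)
    CANARY.clear()
    try:
        parse_strict(HOSTILE)
        rejected = False
    except ValueError:
        rejected = True
    return {"ran_under_eval": ran_under_eval, "strict_rejected": rejected,
            "ran_under_strict": list(CANARY), "benign": parse_strict(BENIGN)}


if __name__ == "__main__":
    print(demo())
```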
- Description: A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
- Source: cvd@cert.pl
- NVD status: Received
CVSS 4.0
- Type: Secondary
- Base score: 9.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- cvd@cert.pl: CWE-77
#CVE-2025-0868 Hand the key code to a large language model and it directly gives a PoC. A complete report from analysis to exploitation in 5 minutes 🤣 https://t.co/Hi8Q3EAlbm
@_r00tuser
12 May 2025
#exploit 1. CCleaner LPE Vulnerability on macOS https://t.co/AhFwhrZmoE 2. CVE-2025-0868: Arbitrary Command Injection in DocsGPT https://t.co/zSOBS4KF9n 3. CVE-2025-30208: Vite Arbitrary File Read vulnerability https://t.co/NcQDeoVijy
@ksg93rd
1 Apr 2025
🚨 CVE-2025-0868 ⚠️🔴 CRITICAL (9.3) 🏢 Arc53 - DocsGPT 🏗️ 0.8.1 🔗 https://t.co/nEv4ywxxMs 🔗 https://t.co/6iVllsIe3x 🔗 https://t.co/p4TYpk5h3z #CyberCron #VulnAlert https://t.co/X0GdvN0pN7
@cybercronai
20 Feb 2025
CVE-2025-0868 Remote Code Execution via JSON Parsing Vulnerability in DocsGPT 0.8.1-0.12.0 https://t.co/b4wQnwInLn
@VulmonFeeds
20 Feb 2025
CVE-2025-0868 A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker… https://t.co/WdAVHkAgyo
@CVEnew
20 Feb 2025
[CVE-2025-0868: CRITICAL] DocsGPT has a critical Remote Code Execution vulnerability, allowing attackers to send Python code via /api/remote endpoint. Versions 0.8.1 to 0.12.0 are affected. #cybersecurity, #vulnerability https://t.co/HYvNRJMMdp https://t.co/odvunFgI7n
@CveFindCom
20 Feb 2025