Path Traversal Vulnerability in frdel Agent-Zero Software
CVE-2025-6166

5.1MEDIUM

Key Information:

Vendor: Frdel
Status: Agent-zero
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-6166?

A vulnerability has been identified in the frdel Agent-Zero application, specifically in the image_get function found in /python/api/image_get.py. This issue allows an attacker to exploit the argument path to perform path traversal, potentially accessing unauthorized files within the system. Users are strongly advised to upgrade to version 0.8.4.1, which addresses this flaw. The patch identifier for this update is 5db74202d632306a883ccce7339c5bdba0d16c5a, and failure to update may leave systems exposed to security threats.

Affected Version(s)

Agent-Zero 0.8.0

Agent-Zero 0.8.1

Agent-Zero 0.8.2

References

https://vuldb.com/?id.312641

vdb-entrytechnical-description

https://vuldb.com/?ctiid.312641

signaturepermissions-required

https://vuldb.com/?submit.593611

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 15, 2025

Credit

VulDB GitHub Commit Analyzer

Frdel

What is CVE-2025-6166?

Affected Version(s)

References

CVSS V4

Timeline

Credit