Path Traversal Vulnerability in frdel Agent-Zero Software
CVE-2025-6166

5.1MEDIUM

Key Information:

Vendor

Frdel

Status
Agent-zero
Vendor
CVE Published:
17 June 2025

What is CVE-2025-6166?

A vulnerability has been identified in the frdel Agent-Zero application, specifically in the image_get function found in /python/api/image_get.py. This issue allows an attacker to exploit the argument path to perform path traversal, potentially accessing unauthorized files within the system. Users are strongly advised to upgrade to version 0.8.4.1, which addresses this flaw. The patch identifier for this update is 5db74202d632306a883ccce7339c5bdba0d16c5a, and failure to update may leave systems exposed to security threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Agent-Zero 0.8.0

Agent-Zero 0.8.1

Agent-Zero 0.8.2

References

https://vuldb.com/?id.312641
vdb-entrytechnical-description
https://vuldb.com/?ctiid.312641
signaturepermissions-required
https://vuldb.com/?submit.593611
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
JSON
.