Path Traversal Vulnerability in Python-a2a by themanojdesai
CVE-2025-6167

5.1MEDIUM

Key Information:

Vendor

Themanojdesai

Status
Python-a2a
Vendor
CVE Published:
17 June 2025

What is CVE-2025-6167?

A path traversal vulnerability has been identified in the create_workflow function within the python-a2a package, specifically in the file api.py. This flaw allows attackers to manipulate file paths, potentially leading to unauthorized access of server files. Users are strongly advised to update to version 0.5.6 of python-a2a to resolve this issue and enhance system security.

Affected Version(s)

python-a2a 0.5.0

python-a2a 0.5.1

python-a2a 0.5.2

References

https://vuldb.com/?id.312642
vdb-entrytechnical-description
https://vuldb.com/?ctiid.312642
signaturepermissions-required
https://vuldb.com/?submit.593613
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-6167 : Path Traversal Vulnerability in Python-a2a by themanojdesai