Path Traversal Vulnerability in Python-a2a by themanojdesai
CVE-2025-6167

5.1MEDIUM

Key Information:

Vendor

Themanojdesai

Status
Python-a2a
Vendor
CVE Published:
17 June 2025

What is CVE-2025-6167?

A path traversal vulnerability has been identified in the create_workflow function within the python-a2a package, specifically in the file api.py. This flaw allows attackers to manipulate file paths, potentially leading to unauthorized access of server files. Users are strongly advised to update to version 0.5.6 of python-a2a to resolve this issue and enhance system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

python-a2a 0.5.0

python-a2a 0.5.1

python-a2a 0.5.2

References

https://vuldb.com/?id.312642
vdb-entrytechnical-description
https://vuldb.com/?ctiid.312642
signaturepermissions-required
https://vuldb.com/?submit.593613
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.