Path Traversal Vulnerability in Xataio Xata Agent Affects Multiple Versions
CVE-2025-6283

5.1 MEDIUM

Key Information:

Vendor: Xataio
CVE Published: 19 June 2025

What is CVE-2025-6283?

A path traversal vulnerability has been identified in Xataio's Xata Agent, in the GET function of the file route.ts. The function handles its arguments improperly, which attackers can exploit to gain unauthorized access to files outside the intended directory. Users running versions prior to 0.3.1 are strongly advised to update their software to mitigate this risk. The associated patch (commit 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc) addresses this security concern.

Affected Version(s)

Xata Agent 0.1

Xata Agent 0.2

Xata Agent 0.3.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer