Path Traversal Vulnerability in MindsDB File Upload API
CVE-2025-68472

8.1 HIGH

Key Information:

Vendor

MindsDB

Status
Vendor
CVE Published:
12 January 2026

What is CVE-2025-68472?

The file upload API in MindsDB contains a path traversal vulnerability that unauthenticated users can exploit. It lets an attacker read arbitrary files from the server filesystem and transfer them to MindsDB's storage, potentially exposing sensitive data. Versions prior to 25.11.1 fail to properly sanitize JSON uploads: multipart uploads and URL-based uploads are sanitized, but JSON uploads do not trigger the necessary security checks, which increases the risk of data breaches.
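The failure mode described above, a path check that runs on some upload branches but not on the JSON one, can be caught with a regression check over every branch. The following is an added example, not MindsDB's code: `UPLOAD_DIR`, the function names, and the sample file names are all hypothetical and constructed for illustration.

```python
from pathlib import Path

UPLOAD_DIR = Path("/tmp/upload-example")  # assumed staging directory (hypothetical)
KINDS = ("multipart", "url", "json")      # the three upload paths the advisory names

class UnsafePath(ValueError):
    pass

def safe_upload_path(name, base=UPLOAD_DIR):
    """Return the resolved path for a client-supplied name, or raise if it leaves base."""
    if not isinstance(name, str) or not name or "\x00" in name:
        raise UnsafePath(repr(name))
    root = base.resolve()
    candidate = (root / name).resolve()   # collapses "..", honours absolute names
    if candidate == root or not candidate.is_relative_to(root):
        raise UnsafePath(name)
    return candidate

def resolve_before(kind, name):
    """Flawed shape: the check lives inside some branches only."""
    if kind in ("multipart", "url"):
        return safe_upload_path(name)
    return (UPLOAD_DIR.resolve() / name).resolve()   # json branch skips the check

def resolve_after(kind, name):
    """Corrected shape: every branch converges on one check."""
    return safe_upload_path(name)

# Constructed sample names for the regression check.
SAMPLES = ("report.csv", "a/b.csv", "../outside.txt", "/etc/hostname", "a/../../x")

def unchecked_kinds(resolver):
    """Return the upload kinds for which some sample resolves outside UPLOAD_DIR."""
    root = UPLOAD_DIR.resolve()
    leaked = set()
    for kind in KINDS:
        for name in SAMPLES:
            try:
                path = resolver(kind, name)
            except UnsafePath:
                continue
            if not path.is_relative_to(root):
                leaked.add(kind)
    return leaked

if __name__ == "__main__":
    print("before:", unchecked_kinds(resolve_before))
    print("after: ", unchecked_kinds(resolve_after))
```

Running the same check against each content type an endpoint accepts is what exposes a branch that silently bypasses validation.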

Affected Version(s)

mindsdb < 25.11.1

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
