Path Traversal Vulnerability in MindsDB File Upload API
CVE-2025-68472
8.1 HIGH
What is CVE-2025-68472?
MindsDB's file upload API contains a path traversal vulnerability that unauthenticated users can exploit. An attacker can read arbitrary files from the server filesystem and transfer them to MindsDB's storage, potentially exposing sensitive data. Specifically, versions prior to 25.11.1 fail to properly sanitize JSON uploads. Multipart uploads and URL-based uploads receive appropriate sanitization, but JSON uploads do not trigger the necessary security checks, which increases the risk of data breaches.
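A containment check applied the same way to every upload style, as an added example that is not MindsDB's code. The function names, the `file` field and the staging-directory layout are assumptions, and the sample requests are constructed.

```python
import os
import tempfile
from pathlib import Path


class UnsafeUploadPath(ValueError):
    """Client-supplied file name would leave the staging directory."""


def resolve_in_staging(staging_dir, client_name):
    """Return the resolved path of client_name inside staging_dir, or raise."""
    if not isinstance(client_name, str):
        raise UnsafeUploadPath(repr(client_name))
    name = client_name.replace("\\", "/")
    # Only a bare file name is accepted: no separators, no dot entries, no NUL.
    if "/" in name or "\x00" in name or name in ("", ".", ".."):
        raise UnsafeUploadPath(client_name)
    base = Path(staging_dir).resolve()
    candidate = (base / name).resolve()  # resolve() follows symlinks
    if candidate.parent != base:  # e.g. a symlink pointing outside staging
        raise UnsafeUploadPath(client_name)
    return candidate


def staged_path_for_upload(staging_dir, content_type, fields):
    """Hypothetical handler step: the check does not depend on content_type."""
    # "file" is an assumed field name, used for every upload style.
    return resolve_in_staging(staging_dir, fields.get("file"))


def demo():
    """Run constructed requests through the handler; return request -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as staging:
        os.symlink("/etc/hostname", os.path.join(staging, "link.csv"))
        samples = [  # constructed sample requests
            ("multipart/form-data", {"file": "report.csv"}),
            ("application/json", {"file": "report.csv"}),
            ("application/json", {"file": "../../etc/hostname"}),
            ("application/json", {"file": "/etc/hostname"}),
            ("application/json", {"file": "link.csv"}),
        ]
        for ctype, fields in samples:
            try:
                staged_path_for_upload(staging, ctype, fields)
                results[(ctype, fields["file"])] = "accepted"
            except UnsafeUploadPath:
                results[(ctype, fields["file"])] = "rejected"
    return results
```

Routing JSON, multipart and URL-based uploads through one shared check keeps a single content type from skipping validation.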
Affected Version(s)
mindsdb < 25.11.1
