KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.3

CVSS
Critical

CVE-2025-0868

PUBLISHED

Remote Code Execution in DocsGPT

Exploited in the wild Remote Low complexity No user interaction

Vendor: Arc53
Product: DocsGPT
Published: Feb 20, 2025
EPSS: —

Description

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.

nuclei_scanner

CVSS scores

CVSS v4.0 9.3 Critical

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Exploitation status

Exploited in the wild

Recorded 2025-06-21 00:00:00 UTC · Source

SSVC decision points

Exploitation: none
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Jun 21, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0868.yaml	Apr 25, 2025

Timeline

CVE ID Reserved

January 30, 2025
CVE Published to Public

February 20, 2025
Detected by Nuclei

April 25, 2025
Added to KEVIntel

June 21, 2025