CVE-2025-0868
Remote Code Execution in DocsGPT
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 30, 2025
- Published Date: February 20, 2025
- Last Updated: February 20, 2025
- Vendor: Arc53
- Product: DocsGPT
- Description: A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
- Tags
- Score: 25.16% (Percentile: 95.91%) as of 2025-06-30
- Exploitation: none
- Automatable: Yes
- Technical Impact: total
- Exploited in the Wild: Yes (2025-06-20 00:00:00 UTC)
nuclei_scanner
python
CVSS Scores
CVSS v4.0
9.3 - CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
The Shadowserver (via CIRCL) | 2025-06-21 12:00:43 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0868.yaml | 2025-04-26 00:00:00 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Detected by Nuclei
- Added to KEVIntel