- Description
- A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
- Source
- cvd@cert.pl
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cvd@cert.pl
- CWE-77
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 CVE-2025-0868 ⚠️🔴 CRITICAL (9.3) 🏢 Arc53 - DocsGPT 🏗️ 0.8.1 🔗 https://t.co/nEv4ywxxMs 🔗 https://t.co/6iVllsIe3x 🔗 https://t.co/p4TYpk5h3z #CyberCron #VulnAlert https://t.co/X0GdvN0pN7
@cybercronai
20 Feb 2025
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-0868 Remote Code Execution via JSON Parsing Vulnerability in DocsGPT 0.8.1-0.12.0 https://t.co/b4wQnwInLn
@VulmonFeeds
20 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0868 A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker… https://t.co/WdAVHkAgyo
@CVEnew
20 Feb 2025
436 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-0868: CRITICAL] DocsGPT has a critical Remote Code Execution vulnerability, allowing attackers to send Python code via /api/remote endpoint. Versions 0.8.1 to 0.12.0 are affected.#cybersecurity,#vulnerability https://t.co/HYvNRJMMdp https://t.co/odvunFgI7n
@CveFindCom
20 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes