CVE-2025-0868

Published Feb 20, 2025

Last updated a month ago

CVSS critical 9.3

Overview

Description
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
Source
cvd@cert.pl
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

cvd@cert.pl
CWE-77

Social media

Hype score
Not currently trending

  1. #exploit 1. CCleaner LPE Vulnerability on macOS https://t.co/AhFwhrZmoE 2. CVE-2025-0868: Arbitrary Command Injection in DocsGPT https://t.co/zSOBS4KF9n 3. CVE-2025-30208: Vite Arbitrary File Read vulnerability https://t.co/NcQDeoVijy

    @ksg93rd

    1 Apr 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-0868 ⚠️🔴 CRITICAL (9.3) 🏢 Arc53 - DocsGPT 🏗️ 0.8.1 🔗 https://t.co/nEv4ywxxMs 🔗 https://t.co/6iVllsIe3x 🔗 https://t.co/p4TYpk5h3z #CyberCron #VulnAlert https://t.co/X0GdvN0pN7

    @cybercronai

    20 Feb 2025

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  3. CVE-2025-0868 Remote Code Execution via JSON Parsing Vulnerability in DocsGPT 0.8.1-0.12.0 https://t.co/b4wQnwInLn

    @VulmonFeeds

    20 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-0868 A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker… https://t.co/WdAVHkAgyo

    @CVEnew

    20 Feb 2025

    436 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-0868: CRITICAL] DocsGPT has a critical Remote Code Execution vulnerability, allowing attackers to send Python code via /api/remote endpoint. Versions 0.8.1 to 0.12.0 are affected.#cybersecurity,#vulnerability https://t.co/HYvNRJMMdp https://t.co/odvunFgI7n

    @CveFindCom

    20 Feb 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References