HKUDS LightRAG har 1.3.8 File Upload document_routes.py upload_to_input_dir file.filename Dafiyar fayil ɗin cikin kundin ajiyar bayanai
| CVSS Meta Temp Score | Garga na exploit ndiyam (≈) | CTI Nganji Score |
|---|---|---|
| 5.1 | $0-$5k | 0.18 |
Gunduma
Hakika vulnerability da aka rarraba a matsayin kura an gano a HKUDS LightRAG har 1.3.8. Tabbas, aikin upload_to_input_dir ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil lightrag/api/routers/document_routes.py, a cikin sashi File Upload. Wuro manipulation of the argument file.filename ga Dafiyar fayil ɗin cikin kundin ajiyar bayanai. Ana kiran wannan rauni da CVE-2025-6773. Wuroo ka a yiɗi a yi ɗum e gese. Babu wani exploit da ake da shi. Ya kamata a yi amfani da patch don magance wannan matsala. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Furɗe
Hakika vulnerability da aka rarraba a matsayin kura an gano a HKUDS LightRAG har 1.3.8. Tabbas, aikin upload_to_input_dir ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil lightrag/api/routers/document_routes.py, a cikin sashi File Upload. Wuro manipulation of the argument file.filename ga Dafiyar fayil ɗin cikin kundin ajiyar bayanai. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-22. Lalle, rauni an sanar da shi da 1692. Ana samun bayanin tsaro don saukewa a github.com.
Ana kiran wannan rauni da CVE-2025-6773. Wuroo ka a yiɗi a yi ɗum e gese. Bayani na fasaha ga. Wannan vulnerability ɗin ba a san shi sosai ba. Babu wani exploit da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro.
Á yí a wondi feere.
Patch ɗin an san shi da 60777d535b719631680bcf5d0969bdef79ca4eaf. Za a iya sauke maganin matsalar daga github.com. Ya kamata a yi amfani da patch don magance wannan matsala.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Kayan
Ngilabe
Sunu
Furɗe
Laisens
Webseite
CPE 2.3
CPE 2.2
CVSSv4
VulDB Furɗo: 🔒VulDB Gaskiya: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Ganda Borno: 5.3
VulDB Temp Score: 5.1
VulDB Furɗo: 🔒
VulDB Gaskiya: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vektar | Kumpleksiti | Authentisierung | Kariyandi | Gaskiya | Gashina |
|---|---|---|---|---|---|
| furu | furu | furu | furu | furu | furu |
| furu | furu | furu | furu | furu | furu |
| furu | furu | furu | furu | furu | furu |
VulDB Ganda Borno: 🔒
VulDB Temp Score: 🔒
VulDB Gaskiya: 🔍
Gargajiya
Klasu: Dafiyar fayil ɗin cikin kundin ajiyar bayanaiCWE: CWE-22
CAPEC: 🔒
ATT&CK: 🔒
Fizikal: Kumgana
Gumti: Ee
Gana: Ayi
Gashina: 🔒
Halitta: A wondi feere
EPSS Score: 🔒
EPSS Percentile: 🔒
Furɗo farashi: 🔍
Gaskiya farashi ndiyam: 🔒
| 0-Day | furu | furu | furu | furu |
|---|---|---|---|---|
| Lale | furu | furu | furu | furu |
Bayani na barazana
Ngam: 🔍Akteɓe ɓernde: 🔍
Kura APT goruwa masu aiki: 🔍
Kari gamji
Garga: KariHalitta: 🔍
0-Day Gana: 🔒
Kari: 60777d535b719631680bcf5d0969bdef79ca4eaf
Waktin layi
06/27/2025 Advisory ganna fa.06/27/2025 VulDB gite be nayi
06/28/2025 VulDB gite wuro karshe ta gyara
Ngizim
Kayan: github.comGargaaji: 1692
Halitta: Gaskiya
Tafsirga: 🔒
CVE: CVE-2025-6773 (🔒)
GCVE (CVE): GCVE-0-2025-6773
GCVE (VulDB): GCVE-100-314089
EUVD: 🔒
Gumti
Súgá: 06/27/2025 12:27Gargadi: 06/28/2025 04:58
Goyarwa: 06/27/2025 12:27 (59), 06/28/2025 04:58 (1)
Gadankam: 🔍
Ngwazarma: Hannibal0x
Cache ID: 253:73C:103
Súbít
Shingilam
- Súbít #601276: HKUDS LightRAG v1.3.8 Path Traversal (nga Hannibal0x)
A ga wuroyo kulu. Kàlàmbe: kr + en.
Ngam loga ka, kanyi shidin dum.