CVE-2025-6281 – OpenBMB XAgent Path Traversal Vulnerability

June 19, 2025

CVE ID : CVE-2025-6281

Published : June 19, 2025, 10:15 p.m. | 14 minutes ago

Description : A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6282 – Xlang-ai OpenAgents Path Traversal Vulnerability

Next Article CVE-2025-6280 – TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

How to free up your Mac’s storage space – 3 easy ways

I finally found a mini PC with a striking design (and the power to back it up)

The best password generators of 2025: Expert tested

Facebook’s new passkey support could soon let you ditch your password forever

eslint-plugin-mutate

eslint-plugin-mutate

Event-Driven Microservice Backend For a Modern E-commerce Platform.

Search Params Are State – How TanStack Router Solves It

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

Google Helps Devs Build Safe Android Apps with THIS Play Policy – Find Out More Here

Microsoft Edge for Business Now Lets Admins Push Encrypted Passwords to Users Securely

CVE-2025-6281 – OpenBMB XAgent Path Traversal Vulnerability

Massive Data Leak: Hacker Allegedly Selling 16 Billion Login Credentials from Major Tech Giants

Microsoft 365 Boosts Security: Legacy File Access Protocols RPS & FrontPage RPC Phased Out July 2025

CVE-2025-4980 – Netgear DGND3700 HTTP Information Disclosure Vulnerability

Xbox Insiders can now play games using keyboard and mouse on Xbox Cloud Gaming

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

Android scam: Firms fined over $500,000 for malicious apps’ hidden subscriptions

Google Launches Gemini 2.5 Pro I/O: Outperforms GPT-4 in Coding, Supports Native Video Understanding and Leads WebDev Arena

These tech markets are taking the brunt of the new US tariffs – what that means for you

A Minecraft Movie continues to print money, and fans can now go to special screenings and be as loud as they please

CVE-2025-5443 – “Linksys Wireless Router Os Command Injection Vulnerability”

CVE-2025-6281 – OpenBMB XAgent Path Traversal Vulnerability

Related Posts