CVE-2025-6280 – TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

June 19, 2025

CVE ID : CVE-2025-6280

Published : June 19, 2025, 10:15 p.m. | 14 minutes ago

Description : A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6281 – OpenBMB XAgent Path Traversal Vulnerability

Next Article CVE-2025-47293 – PowSyBl XML Entity Injection and SSRF Vulnerability

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

I’ve tested dozens of robot vacuums. These are the three I recommend most to family and friends

These apps are quietly draining your phone battery – how to find and shut them down

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

I tested the world’s thinnest SSD enclosure – here’s why it’s the perfect PC accessory for me

Importance of Performance Adaptation in Frontend Development

Importance of Performance Adaptation in Frontend Development

Proactive, Not Reactive – The Key to Inclusive and Accessible Design

Reset Rate Limits Dynamically with Laravel’s clear Method

Stage – Git GUI client for Linux desktops

Stage – Git GUI client for Linux desktops

Edit: L’editor di testo a riga di comando di Microsoft anche per GNU/Linux

Splitcat – split and merge files

CVE-2025-6280 – TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

CVE-2025-46080 – HuoCMS File Upload Bypass Vulnerability

CVE-2025-32643 – Mojoomla WPGYM SQL Injection

Five Proven Ways to Improve Your Website’s SEO Ranking (2025 Guide)

CVE-2025-37986 – “USB Type-C: Invalid Pointer Vulnerability”

The next Apple Watch likely won’t include this popular health feature

Outlaw Botnet Exploits Weak SSH to Hijack Linux Systems for Crypto Mining

CVE-2023-44752 – Apache Student Study Center Desk Management System Authentication Bypass

Custom Software Development : A Detailed Guide (2025)

CVE-2025-6280 – TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

Related Posts