CVE-2025-0868

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-0868
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0868.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-0868
Aliases
Published
2025-02-20T12:15:10Z
Modified
2025-10-18T06:56:23.446622Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint.

This issue affects DocsGPT: from 0.8.1 through 0.12.0.

References

Affected packages

Git / github.com/arc53/docsgpt

Affected ranges

Type
GIT
Repo
https://github.com/arc53/docsgpt
Events

Affected versions

0.*

0.10.0
0.11.0
0.12.0
0.8.1
0.9.0