Cyber Posture

CVE-2025-67506

Critical | Public PoC

Published: 10 December 2025
Modified: 17 March 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.4th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert without authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice, saving the uploaded payload to os.path.join(tmpdir, file.filename) without normalizing the filename. An attacker can submit a crafted filename containing ../ sequences to write arbitrary files anywhere the service account has permission, enabling remote file overwrite or planting of malicious code. This issue is fixed in version 0.1.0-beta.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

- Prevent: Validates filenames in file uploads to block path traversal sequences like ../, directly preventing arbitrary file writes.
- Prevent: Enforces authentication and access control policies on the unauthenticated POST /api/v1/record/buffer/convert endpoint to block remote exploitation.
- Prevent: Limits the PipesHub service account to least privilege, restricting the locations where traversed paths can write arbitrary files.

Security Summary (AI-generated)

CVE-2025-67506 is a critical path traversal vulnerability (CWE-22) combined with unrestricted upload of files with dangerous type (CWE-434) affecting PipesHub, a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose the POST /api/v1/record/buffer/convert endpoint without authentication. This endpoint accepts file uploads and converts them to PDF using LibreOffice, saving payloads to os.path.join(tmpdir, file.filename) without normalizing the filename, allowing attackers to use ../ sequences for directory traversal.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction, as indicated by its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By submitting a crafted filename, attackers can write arbitrary files to locations where the service account has write permissions, enabling remote file overwrites or the planting of malicious code for potential code execution or persistence.

The issue is fixed in PipesHub version 0.1.0-beta. Mitigation details are available in the GitHub security advisory at https://github.com/pipeshub-ai/pipeshub-ai/security/advisories/GHSA-w398-9m55-2357 and the fixing commit at https://github.com/pipeshub-ai/pipeshub-ai/commit/987ebab40a1fc39956730ed93220f7f9b2c4e5f8. Security practitioners should upgrade affected deployments immediately and review access to the endpoint.
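To make the defect and the first mitigating control concrete, the following is an added example (not PipesHub's code) that contrasts the os.path.join(tmpdir, file.filename) pattern named in the description with a filename sanitizer that keeps every upload inside the temp directory; the directory and file names are constructed for illustration.

```python
import os
import re
from pathlib import Path


def unsafe_target(tmpdir: str, filename: str) -> str:
    # The pattern described in the advisory: the client-supplied name is
    # joined as-is. "../" segments walk out of tmpdir, and an absolute
    # filename makes os.path.join discard tmpdir entirely.
    return os.path.join(tmpdir, filename)


def safe_target(tmpdir: str, filename: str) -> str:
    """Return a path strictly inside tmpdir, or raise ValueError."""
    # 1. Keep only the last path component, for both '/' and '\\' separators.
    base = re.split(r"[\\/]", filename)[-1]
    # 2. Allow only a conservative character set; replace anything else
    #    (including NUL bytes and whitespace) with '_'.
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    # 3. Reject names that are empty or made only of dots ('', '.', '..').
    if base.strip(".") == "":
        raise ValueError("invalid filename")
    root = Path(tmpdir).resolve()
    target = (root / base).resolve()
    # 4. Defence in depth: confirm containment after resolution.
    if target.parent != root:
        raise ValueError("path escapes upload directory")
    return str(target)


def is_outside(tmpdir: str, candidate: str) -> bool:
    """True when candidate, after normalization, does not lie inside tmpdir."""
    root = Path(tmpdir).resolve()
    target = Path(os.path.normpath(candidate))
    return target != root and root not in target.parents


def rejects(tmpdir: str, filename: str) -> bool:
    """True when safe_target refuses the filename."""
    try:
        safe_target(tmpdir, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    tmp = "/srv/uploads/tmp123"  # constructed temp directory name
    for name in ["report.docx", "../../evil.txt", "/etc/evil.txt", ".."]:
        print(name, "->", unsafe_target(tmp, name),
              "(outside)" if is_outside(tmp, unsafe_target(tmp, name)) else "(inside)")
```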

Details

CWE(s): CWE-22, CWE-434

Affected Products: pipeshub / pipeshub, versions 0.1.0, 0.1.2, 0.1.3

AI Security Analysis (AI-generated)

AI Category: Other Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: not rendered (parse error in the source); the partial output reads: category "Enterprise AI Assistants", reason "PipesHub is explicitly described as a 'fully extensible workplace AI platform for enterprise search and workflow automation', directly …"

MITRE ATT&CK Enterprise Techniques (AI-generated)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

Unauthenticated path traversal in a file upload endpoint enables exploitation of a public-facing application (T1190), and the resulting arbitrary file write allows planting malicious code such as web shells (T1505.003).

References