Cyber Posture

CVE-2025-68472

HighPublic PoC

Published: 12 January 2026

Published
12 January 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0040 61.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage,…

more

exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates the unauthenticated path traversal by requiring validation of user-controlled data in JSON file upload requests before joining into filesystem paths.

AC-3 Access Enforcement partial match
prevent

Enforces logical access controls to prevent the file upload handler from reading or moving arbitrary files outside intended storage directories.

SI-2 Flaw Remediation good match
preventrecover

Requires timely remediation of the specific flaw in file.py via patching to version 25.11.1 or later, preventing exploitation and restoring secure operation.

Security SummaryAI

CVE-2025-68472 is an unauthenticated path traversal vulnerability in MindsDB, a platform for building artificial intelligence from enterprise data, affecting versions prior to 25.11.1. The flaw exists in the file upload API's PUT handler in file.py, which directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Multipart uploads and URL-sourced uploads receive sanitization via clear_filename or equivalent checks, but JSON uploads lack these protections, enabling attackers to read arbitrary files from the server filesystem and move them into MindsDB’s storage.

The vulnerability can be exploited by unauthenticated attackers with adjacent network access (AV:A), requiring low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). Successful exploitation allows reading arbitrary files and relocating them into MindsDB storage, exposing sensitive data. It carries a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and is associated with CWEs 22, 23, and 36.

MindsDB addressed the issue in version 25.11.1. Security practitioners should upgrade to this version or later. Additional mitigation details are available in the GitHub security advisory at https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7 and the BlueRock analysis at https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal.

Details

CWE(s)
CWE-22CWE-23CWE-36

Affected Products

mindsdb
mindsdb
≤ 25.11.1

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
Matched keywords: artificial intelligence

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Path traversal vulnerability in unauthenticated file upload API of public-facing application enables exploitation of public-facing app (T1190) and arbitrary file reads from local filesystem (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References