Vulnerabilities

Complete Guide to CVE-2025-68472 - MindsDB has improper sanitation of filepath that leads to information disclosure...

2026-01-12 0 views admin

CVE ID : CVE-2025-68472 Published : Jan. 12, 2026, 5:15 p.m. | 1 hour, 27 minutes ago Description : MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not

CVE Details

CVE ID

CVE-2025-68472

Published

Jan. 12, 2026

Impact: path traversal

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-68472

Complete Guide to CVE-2025-68472 - MindsDB has improper sanitation of filepath that leads to information disclosure...

CVE Details

🏷️ Tags

More from Vulnerabilities

Update: CVE-2026-22200 - osTicket <= 1.18.2 pdf export arbitrary file read

CVE-2026-22783 - Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Manage

CVE-2026-22781 - TinyWeb CGI Command Injection

CVE-2026-22776 - cpp-httplib vulnerable to a denial of service (DOS) using a zip bomb

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting