CVE-2025-6280 | TransformerOptimus SuperAGI up to 0.0.14 EmailToolKit read_email.py download_attachment filename path traversal (Issue 1466)

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal.

This vulnerability is tracked as CVE-2025-6280. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.
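As a defensive illustration of the flaw class described above, the following added example (not SuperAGI's code and not taken from the advisory) contrasts an unchecked join of a sender-controlled attachment name with a hardened mapping. The names naive_attachment_path, safe_attachment_path and UnsafeFilename are hypothetical, and the policy of keeping only the final name component is an assumption.

```python
import os
from pathlib import Path, PureWindowsPath


class UnsafeFilename(ValueError):
    """The attachment name cannot be mapped to a file inside the download directory."""


def naive_attachment_path(base_dir: str, filename: str) -> str:
    # Constructed illustration of the bug class (not SuperAGI's code):
    # the sender-controlled name is joined to the directory unchecked.
    return os.path.join(base_dir, filename)


def safe_attachment_path(base_dir: str, filename: str) -> Path:
    """Map an untrusted attachment filename to a path directly inside base_dir."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty name or embedded NUL byte")
    # PureWindowsPath splits on both '/' and '\\', so .name discards every
    # directory or drive component whatever platform the sender used.
    leaf = PureWindowsPath(filename).name
    if leaf in ("", ".", ".."):
        raise UnsafeFilename(f"no usable file name in {filename!r}")
    base = Path(base_dir).resolve()
    target = (base / leaf).resolve()
    # After resolution the file must sit directly in base; this also rejects
    # a name that matches a symlink already present in the directory.
    if target.parent != base:
        raise UnsafeFilename(f"{filename!r} resolves outside {base}")
    return target
```

Callers should treat UnsafeFilename as a signal worth logging, since a legitimate mail client rarely sends an attachment name that fails these checks.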