CVE-2025-6237 | invokeai up to up to 6.0.0a1 /api/v1/images/download/ filename path traversal

A vulnerability, which was classified as critical, has been found in invokeai up to up to 6.0.0a1. This issue affects some unknown processing of the file /api/v1/images/download/. Performing manipulation of the argument filename results in path traversal.

This vulnerability is identified as CVE-2025-6237. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More