CVE-2025-0868
Published: 20 February 2025
Summary
CVE-2025-0868 is a critical-severity Eval Injection (CWE-95) vulnerability in DocsGPT (the affected product is identified in the referenced CERT.pl advisories). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability resulting in remote code execution has been identified in DocsGPT versions 0.8.1 through 0.12.0. The issue arises from parsing JSON request data with the Python eval() function rather than a JSON parser: eval() treats the request body as Python source, so an attacker can supply arbitrary Python code for execution through the /api/remote endpoint. It is tracked as CWE-95 and carries a CVSS 4.0 score of 9.3, reflecting a network-accessible attack vector, low attack complexity, and no required privileges or user interaction.
An unauthenticated remote attacker can send crafted requests to the exposed endpoint and obtain arbitrary code execution, resulting in full compromise of confidentiality, integrity, and availability on the affected DocsGPT instance.
Public advisories published by CERT.pl at the referenced URLs describe the flaw and point to the upstream DocsGPT repository for further details, though no specific patch or mitigation steps are enumerated in the available information. The associated EPSS score has remained flat at 0.1728 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4586
- 🇵🇱 CERT-PL: cert.pl
- 🇵🇱 CERT-PL: cert.pl
Vulnerability details
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
- CWE(s): CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code, "Eval Injection")
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct RCE via unauthenticated remote exploitation of a public-facing web app using Python eval injection.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of JSON inputs to the /api/remote endpoint so that they are parsed as data in the expected format, preventing arbitrary Python code execution via eval().
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of the specific flaw in DocsGPT versions 0.8.1 through 0.12.0 that enables RCE through improper JSON parsing.
- AC-6 (Least Privilege): enforces least privilege on the DocsGPT process to limit the scope and impact of exploitation even if arbitrary code executes.
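The following is an added example, not code from DocsGPT or from the advisories cited on this page. It illustrates the mechanism described under "Deeper analysis" (a request body parsed with eval()) next to the SI-10-style fix (a strict JSON parse plus shape validation). The function names, the EXPECTED_FIELDS schema and both payloads are constructed for the illustration; they do not reflect DocsGPT's real handler, field names or patch.

```python
import json
from json import JSONDecodeError

# Constructed sample request bodies (not taken from DocsGPT or the advisory).
# A JSON object with string keys and values happens to also be a valid Python
# dict literal, which is why eval()-based "parsing" appears to work on good input.
BENIGN_PAYLOAD = '{"user": "local", "source": "docs", "name": "manual"}'
# Under eval() this body is not data but a Python expression: it imports os
# and calls a function. os.getpid() is used here as a harmless stand-in for
# the arbitrary code an attacker would actually run.
MALICIOUS_PAYLOAD = "__import__('os').getpid()"

# Hypothetical schema for the endpoint: field name -> required Python type.
EXPECTED_FIELDS = {"user": str, "source": str, "name": str}


def parse_remote_payload_unsafe(raw: str):
    """Vulnerable pattern (CWE-95): the request body is evaluated as Python source."""
    return eval(raw)  # noqa: S307  deliberately vulnerable for illustration


def parse_remote_payload_safe(raw: str) -> dict:
    """Hardened pattern: parse as JSON only, then validate the shape (SI-10)."""
    try:
        data = json.loads(raw)
    except JSONDecodeError as exc:
        # Python expressions such as __import__('os') are not valid JSON
        # and are rejected here before anything is interpreted.
        raise ValueError(f"body is not valid JSON: {exc.msg}") from None
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    unexpected = set(data) - set(EXPECTED_FIELDS)
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    for field, typ in EXPECTED_FIELDS.items():
        if field not in data:
            raise ValueError(f"missing field: {field}")
        if not isinstance(data[field], typ):
            raise ValueError(f"field {field} must be {typ.__name__}")
    return data


def demo() -> dict:
    """Run both parsers over both bodies and report what each one did."""
    results = {}
    # eval() returns a dict for the benign body...
    results["unsafe_benign"] = parse_remote_payload_unsafe(BENIGN_PAYLOAD)
    # ...and for the malicious body it executes the attacker's expression,
    # returning an int (the process id): code ran inside the server process.
    results["unsafe_malicious"] = parse_remote_payload_unsafe(MALICIOUS_PAYLOAD)
    # json.loads() accepts the benign body as plain data...
    results["safe_benign"] = parse_remote_payload_safe(BENIGN_PAYLOAD)
    # ...and refuses the malicious body without interpreting it.
    try:
        parse_remote_payload_safe(MALICIOUS_PAYLOAD)
        results["safe_malicious"] = "accepted"
    except ValueError as exc:
        results["safe_malicious"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome!r}")
```

Two points worth noting from the run: eval() is not even a correct JSON parser (JSON `true`, `false` and `null` are not Python names and raise NameError), so replacing it with json.loads() fixes correctness as well as security; and the schema check after json.loads() is what turns "valid JSON" into "the input this endpoint expects", which is the SI-10 control as applied to this endpoint.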