CVE-2025-67506
Published: 10 December 2025
Summary
CVE-2025-67506 is a critical-severity path traversal (CWE-22) vulnerability in PipesHub (the pipeshub-ai project). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-67506 is a critical path traversal vulnerability (CWE-22), combined with unrestricted upload of a file with dangerous type (CWE-434), affecting PipesHub, a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose the POST /api/v1/record/buffer/convert endpoint without authentication. The endpoint accepts a file upload and converts it to PDF using LibreOffice, first saving the payload to os.path.join(tmpdir, file.filename) without normalizing the client-supplied filename. A filename containing ../ sequences therefore walks out of the temporary directory; note that os.path.join also discards tmpdir entirely when the supplied filename is absolute (for example /etc/cron.d/job), so rejecting only literal ../ is not sufficient.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction, as reflected in its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By submitting a crafted filename, an attacker can write the uploaded content to any location where the service account has write permission, enabling overwriting of existing files or planting of malicious code for code execution or persistence.
The issue is fixed in PipesHub version 0.1.0-beta. Mitigation details are available in the GitHub security advisory at https://github.com/pipeshub-ai/pipeshub-ai/security/advisories/GHSA-w398-9m55-2357 and the fixing commit at https://github.com/pipeshub-ai/pipeshub-ai/commit/987ebab40a1fc39956730ed93220f7f9b2c4e5f8. Security practitioners should upgrade affected deployments immediately and, until then, restrict network access to the endpoint and audit the filesystem writable by the PipesHub service account for unexpected files.
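The following Python example is added here to illustrate the vulnerable join pattern described above beside a hardened replacement; it is not code from PipesHub or from the advisory, and the sample filenames, the function names and the fallback name "upload" are constructed for the illustration. It shows why an absolute filename escapes just as a ../ sequence does, and why the fix is to reduce the client-supplied name to a single path component and then verify the resolved target is still under the temporary directory.

```python
import os
import posixpath
import tempfile
from pathlib import Path

# Constructed sample values for the multipart "filename" field (not taken
# from the advisory or any real request).
SAMPLES = [
    "report.docx",                       # benign
    "../../../../etc/cron.d/backdoor",   # classic ../ traversal
    "/etc/cron.d/backdoor",              # absolute path: os.path.join drops tmpdir
    "..\\..\\win\\evil.docx",            # Windows-style separators
    "sub/dir/report.docx",               # stays inside, but creates directories
    "",                                  # empty name
    "..",                                # bare parent reference
]


def vulnerable_target(tmpdir: str, filename: str) -> str:
    """The pattern the advisory describes: raw filename joined without checks."""
    return os.path.join(tmpdir, filename)


def safe_filename(filename: str, default: str = "upload") -> str:
    """Reduce a client-supplied name to one path component.

    Normalises backslashes to slashes so Windows-style traversal is seen by
    posixpath, strips NUL bytes, keeps only the last component, removes leading
    dots (so '.', '..' and dotfiles cannot survive) and falls back to a default.
    """
    name = filename.replace("\\", "/").replace("\x00", "")
    name = posixpath.basename(name)
    name = name.lstrip(".")
    return name or default


def hardened_target(tmpdir: str, filename: str) -> str:
    """Join the sanitised name and confirm the resolved path is a direct child of tmpdir."""
    root = Path(tmpdir).resolve()
    target = (root / safe_filename(filename)).resolve()
    # safe_filename already guarantees a single component; this is the
    # belt-and-braces check that catches future regressions in the sanitiser.
    if target.parent != root:
        raise ValueError(f"refusing to write outside {root}: {target}")
    return str(target)


def escapes(tmpdir: str, path: str) -> bool:
    """True if `path`, once normalised, lies outside `tmpdir`."""
    root = os.path.realpath(tmpdir)
    real = os.path.realpath(path)
    return os.path.commonpath([root, real]) != root


def demo() -> dict:
    """Run every sample through both code paths; returns per-name results."""
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        for name in SAMPLES:
            results[name] = {
                "vulnerable_escapes": escapes(tmpdir, vulnerable_target(tmpdir, name)),
                "hardened_escapes": escapes(tmpdir, hardened_target(tmpdir, name)),
                "hardened_name": os.path.basename(hardened_target(tmpdir, name)),
            }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name!r:40} vulnerable_escapes={r['vulnerable_escapes']!s:5} "
              f"hardened_escapes={r['hardened_escapes']!s:5} -> {r['hardened_name']}")
```

Running the module prints one line per sample; the two traversal cases and the bare ".." escape via the vulnerable join and are contained by the hardened path. Note that "sub/dir/report.docx" does not escape even in the vulnerable code, so a containment check alone would accept it while still letting the client choose directory structure under tmpdir; reducing the name to a single component closes that as well.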
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-202360
Vulnerability details
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice, saving the uploaded payload to os.path.join(tmpdir, file.filename) without normalizing the filename. An attacker can submit a crafted filename containing ../ sequences to write arbitrary files anywhere the service account has permission, enabling remote file overwrite or planting malicious code. This issue is fixed in version 0.1.0-beta.
- CWE(s)
- CWE-22 (Path Traversal); CWE-434 (Unrestricted Upload of File with Dangerous Type)
AI Security Analysis
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated path traversal in a file upload endpoint is exploitation of a public-facing application (T1190), and the resulting arbitrary file write lets an attacker plant malicious code such as a web shell (T1505.003, Server Software Component: Web Shell) within the service account's writable paths.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate the uploaded filename by reducing it to a single path component and rejecting traversal sequences such as ../ and absolute paths, directly preventing arbitrary file writes.
- AC-3 (Access Enforcement): enforce authentication and authorization on POST /api/v1/record/buffer/convert, which is currently reachable without credentials, to block unauthenticated remote exploitation.
- AC-6 (Least Privilege): run the PipesHub service account with least privilege and a dedicated, minimally writable filesystem, limiting where a traversed path could land even if validation fails.