Cyber Resilience

CVE-2025-67506

CriticalPublic PoC

Published: 10 December 2025

Published
10 December 2025
Modified
17 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0038 60.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67506 is a critical-severity Path Traversal (CWE-22) vulnerability in Pipeshub Pipeshub. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-67506 is a critical path traversal vulnerability (CWE-22) combined with unrestricted upload of files with dangerous type (CWE-434) affecting PipesHub, a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose the POST /api/v1/record/buffer/convert endpoint without authentication. This endpoint accepts file uploads and converts them to PDF using LibreOffice, saving payloads to os.path.join(tmpdir, file.filename) without normalizing the filename, allowing attackers to use ../ sequences for directory traversal.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction, as indicated by its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By submitting a crafted filename, attackers can write arbitrary files to locations where the service account has write permissions, enabling remote file overwrites or the planting of malicious code for potential code execution or persistence.

The issue is fixed in PipesHub version 0.1.0-beta. Mitigation details are available in the GitHub security advisory at https://github.com/pipeshub-ai/pipeshub-ai/security/advisories/GHSA-w398-9m55-2357 and the fixing commit at https://github.com/pipeshub-ai/pipeshub-ai/commit/987ebab40a1fc39956730ed93220f7f9b2c4e5f8. Security practitioners should upgrade affected deployments immediately and review access to the endpoint.

EU & UK References

Vulnerability details

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload…

more

to os.path.join(tmpdir, file.filename) without normalizing the filename. An attacker can submit a crafted filename containing ../ sequences to write arbitrary files anywhere the service account has permission, enabling remote file overwrite or planting malicious code. This issue is fixed in version 0.1.0-beta.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unauthenticated path traversal in file upload endpoint enables exploitation of public-facing application (T1190) and arbitrary file writes for planting malicious code such as web shells (T1505.003).

CVEs Like This One

CVE-2025-2749Shared CWE-22, CWE-434
CVE-2024-13986Shared CWE-22, CWE-434
CVE-2026-9102Shared CWE-22, CWE-434
CVE-2026-44566Shared CWE-22, CWE-434
CVE-2012-10054Shared CWE-22, CWE-434
CVE-2026-22786Shared CWE-22, CWE-434
CVE-2022-50939Shared CWE-22, CWE-434
CVE-2025-35055Shared CWE-22, CWE-434
CVE-2024-13714Shared CWE-434
CVE-2025-13597Shared CWE-434

Affected Assets

pipeshub
pipeshub
0.1.0, 0.1.2, 0.1.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates filenames in file uploads to block path traversal sequences like ../, directly preventing arbitrary file writes.

prevent

Enforces authentication and access control policies on the unauthenticated POST /api/v1/record/buffer/convert endpoint to block remote exploitation.

prevent

Limits the PipesHub service account to least privilege, restricting the locations where traversed paths can write arbitrary files.

References