Cyber Resilience

CVE-2025-68472

HighPublic PoC

Published: 12 January 2026

Published
12 January 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.1921 97.0th percentile
Risk Priority 60 floored blend · peak EPSS

Summary

CVE-2025-68472 is a high-severity Path Traversal (CWE-22) vulnerability in Mindsdb Mindsdb. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-68472 is an unauthenticated path traversal vulnerability in MindsDB, a platform for building artificial intelligence from enterprise data, affecting versions prior to 25.11.1. The flaw exists in the file upload API's PUT handler in file.py, which directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Multipart uploads and URL-sourced uploads receive sanitization via clear_filename or equivalent checks, but JSON uploads lack these protections, enabling attackers to read arbitrary files from the server filesystem and move them into MindsDB’s storage.

The vulnerability can be exploited by unauthenticated attackers with adjacent network access (AV:A), requiring low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). Successful exploitation allows reading arbitrary files and relocating them into MindsDB storage, exposing sensitive data. It carries a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and is associated with CWEs 22, 23, and 36.

MindsDB addressed the issue in version 25.11.1. Security practitioners should upgrade to this version or later. Additional mitigation details are available in the GitHub security advisory at https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7 and the BlueRock analysis at https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage,…

more

exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: artificial intelligence

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal vulnerability in unauthenticated file upload API of public-facing application enables exploitation of public-facing app (T1190) and arbitrary file reads from local filesystem (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2531Same product: Mindsdb Mindsdb
CVE-2026-27483Same product: Mindsdb Mindsdb
CVE-2026-28414Shared CWE-22, CWE-36
CVE-2026-35485Shared CWE-22
CVE-2025-29789Shared CWE-22, CWE-23
CVE-2026-27202Shared CWE-22, CWE-23
CVE-2026-29871Shared CWE-22
CVE-2025-61913Shared CWE-22
CVE-2026-33497Shared CWE-22
CVE-2025-66687Shared CWE-22

Affected Assets

mindsdb
mindsdb
≤ 25.11.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the unauthenticated path traversal by requiring validation of user-controlled data in JSON file upload requests before joining into filesystem paths.

prevent

Enforces logical access controls to prevent the file upload handler from reading or moving arbitrary files outside intended storage directories.

preventrecover

Requires timely remediation of the specific flaw in file.py via patching to version 25.11.1 or later, preventing exploitation and restoring secure operation.

References