QwikSec

Security Database

CVE

CWE

Training

CVE-2025-6283

Published: Jun 19, 2025

Modified: Jun 23, 2025

PUBLISHED

CVSS v3.1

3.5

LOW

Description

A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.

Vendor	Product	Versions
xataio	Xata Agent	affected `0.1` affected `0.2` affected `0.3.0` unaffected `0.3.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

VDB-313287 | xataio Xata Agent route.ts GET path traversal

vdb-entry

technical-description

VDB-313287 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #593627 | xataio Xata Agent < 0.3.1 Arbitrary File Read

third-party-advisory

https://github.com/xataio/agent/issues/179

issue-tracking

https://github.com/xataio/agent/pull/191

issue-tracking

https://github.com/xataio/agent/commit/03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc

patch

https://github.com/xataio/agent/releases/tag/v0.3.1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.