cbcvebase.
CVE-2025-6237
published 2025-09-18

CVE-2025-6237: A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET…

PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
0.35%
27.2th percentile
A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files. This vulnerability results in high confidentiality, integrity, and availability impacts.

Affected

19 ranges
VendorProductVersion rangeFixed in
invoke-aiinvoke-ai_invokeai>= 0 < 6.7.06.7.0
invoke-aiinvoke-ai_invokeaiunspecified – latest
msrcazl3_cloud-hypervisor-cvm_38.0.72-2_on_azure_linux_3.0
msrcazl3_cloud-hypervisor-cvm_38.0.72.2-1_on_azure_linux_3.0
msrcazl3_nodejs_20.10.0-2_on_azure_linux_3.0
msrcazl3_nodejs_20.14.0-1_on_azure_linux_3.0
msrcazl3_openssl_3.1.4-9_on_azure_linux_3.0
msrcazl3_openssl_3.3.0-1_on_azure_linux_3.0
msrcazl3_qemu_8.2.0-16_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_cloud-hypervisor-cvm_38.0.72-1_on_cbl_mariner_2.0
msrccbl2_cloud-hypervisor-cvm_38.0.72.2-1_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-5_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-6_on_cbl_mariner_2.0
msrccbl2_nodejs18_18.18.2-7_on_cbl_mariner_2.0
msrccbl2_nodejs18_18.20.2-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc5.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.