CVE-2025-68472
Published 2026-01-12
Priority: P274 · Severity: critical · CVSS 3.1 base score: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS: 19.21% (97.0th percentile)
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mindsdb | mindsdb | < 25.11.1 | 25.11.1 |
| mindsdb | mindsdb | >= 0 < 25.11.1 | 25.11.1 |
Detection & IOCs (extracted from sources)
URL: /api/files/
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS MindsDB Unauthenticated File Upload API Path Traversal (CVE-2025-68472)"; flow:established,to_server; http.uri; content:"/api/files/"; fast_pattern; startswith; http.request_body; content:"|22|file|22 3a|"; pcre:"/^\s*?\x22[^\x22]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; http.method; content:"PUT"; reference:url,github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7; reference:cve,2025-68472; classtype:web-application-attack; sid:2066753; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2026_01_14, cve CVE_2025_68472, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_14, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
- Inspect the JSON request body for a 'file' key containing path traversal sequences (e.g., ../, ..\ or URL-encoded equivalents %2e%2e%2f, %2e%2e%5c). The Snort PCRE requires two or more consecutive traversal components, so an absolute path such as the advisory's /home/secret.csv example, which the vulnerable join accepts just as readily, contains no traversal sequence and does not fire this rule; treat the signature as covering the ../ variant only.
- The vulnerability is only triggered when the request body is JSON and source_type is not 'url'. Multipart and URL-sourced uploads are sanitized; JSON uploads are not, so focus detection on JSON-body PUT requests.
- The exploit is unauthenticated: no session or auth token is required. Perimeter and internal network sensors should both be deployed.
- For TLS-encrypted traffic, enable SSL/TLS inspection (SSLDecrypt) so the Snort rule can fire; the ET rule metadata explicitly lists deployment SSLDecrypt and tls_state TLSDecrypt.
- The vulnerability is fixed in MindsDB version 25.11.1. Versions prior to this are affected. Upgrade to remediate.
- The path traversal only affects the JSON upload code path in file.py. Multipart and URL-sourced uploads already call clear_filename or equivalent sanitization and are not vulnerable.
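As an added example that is not part of the page's sources or of the ET ruleset, the Python below re-implements the matching logic of sid 2066753 above (PUT method, URI starting with /api/files/, the literal "file": token in the body, and the traversal PCRE applied relative to that token) and runs it over constructed request bodies. The sample requests and the names matches_et_rule and evaluate_samples are mine. Running it shows what the signature catches and what it is silent on: the advisory's absolute-path value, and a body where JSON whitespace sits between the key and the colon, which the fixed content match `"file":` does not see.

```python
import re

# Added example, not ET/Snort code: a re-implementation of the matching logic in
# sid 2066753 so it can be exercised offline against constructed request bodies.
URI_PREFIX = "/api/files/"          # http.uri; content:"/api/files/"; startswith
FILE_KEY = '"file":'                # http.request_body; content:"|22|file|22 3a|"
# The rule's pcre with the leading ^ dropped: re.match(..., pos) already anchors at
# pos, which is what the /R (relative) modifier does in Snort.
TRAVERSAL = re.compile(
    r'\s*?"[^"]*?(?:(?:\.|%2[Ee]){1,2}(?:/|\\|%5[Cc]|%2[Ff]){1,}){2,}'
)


def matches_et_rule(method: str, uri: str, body: str) -> bool:
    """True if this (decrypted) HTTP request would fire sid 2066753."""
    if method != "PUT" or not uri.startswith(URI_PREFIX):
        return False
    # Snort retries the relative pcre after every occurrence of the content match.
    for key in re.finditer(re.escape(FILE_KEY), body):
        if TRAVERSAL.match(body, key.end()):
            return True
    return False


# Constructed sample requests: (label, method, uri, body). None is captured traffic.
SAMPLES = [
    ("dotdot slash", "PUT", "/api/files/pwn",
     '{"name": "pwn", "source_type": "file", "file": "../../../../etc/passwd"}'),
    ("dotdot backslash", "PUT", "/api/files/pwn",
     r'{"name": "pwn", "source_type": "file", "file": "..\\..\\windows\\win.ini"}'),
    ("url-encoded", "PUT", "/api/files/pwn",
     '{"name": "pwn", "source_type": "file", "file": "%2e%2e%2f%2e%2e%2fetc%2fpasswd"}'),
    ("absolute path (advisory example)", "PUT", "/api/files/pwn",
     '{"name": "pwn", "source_type": "file", "file": "/home/secret.csv"}'),
    ("benign upload", "PUT", "/api/files/sales",
     '{"name": "sales", "source_type": "file", "file": "sales_q3.csv"}'),
    ("space before colon", "PUT", "/api/files/pwn",
     '{"name": "pwn", "source_type": "file", "file" : "../../etc/passwd"}'),
    ("same body, wrong method", "POST", "/api/files/pwn",
     '{"name": "pwn", "source_type": "file", "file": "../../etc/passwd"}'),
]


def evaluate_samples() -> dict:
    """Map each sample label to whether the rule logic fires on it."""
    return {label: matches_et_rule(m, u, b) for label, m, u, b in SAMPLES}


if __name__ == "__main__":
    for label, fired in evaluate_samples().items():
        print(f"{'ALERT ' if fired else 'silent'}  {label}")
```

The two silent cases that still carry exploitable input are the reason to pair this signature with host-side evidence (files appearing in the MindsDB storage directory that match a path outside it) rather than relying on it alone; the rule is precise for the ../ family but is not a general detector for the JSON upload path.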
GHSA
ghsa · 2026-01-12 · CVE-2025-68472 [HIGH] · CWE-22
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
### Summary
[BlueRock](https://bluerock.io/) discovered an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data.
### Details
The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and `source_type` is not `"url"`:
- `data = request.json` (line ~104) accepts attacker input without validation.
- `file_path = os.path.join(temp_dir_path, data["file"])` (line ~178) creates the path inside a temporary directory, but if `data["file"]` is absolute (e.g., `/home/secret.csv`), `os.path.join` ignores `temp_dir_path` and targ
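To make the join failure concrete, here is an added Python illustration that is not MindsDB's code: unsafe_target has the shape the advisory describes (temp_dir_path joined directly with data["file"] taken from the JSON body), and safe_target is one hardened form, reducing the value to a bare file name and then checking that the resolved path still lies under the upload directory. The function names, the /tmp/mindsdb_upload directory and the sample values are mine; posixpath is used so the unsafe result reads the same on any host.

```python
import posixpath
from pathlib import Path

# Added illustration, not MindsDB code. The shape of the vulnerable join from the
# advisory next to a hardened form; names unsafe_target / safe_target are hypothetical.


def unsafe_target(temp_dir_path: str, user_file: str) -> str:
    """Vulnerable shape: join attacker-controlled data["file"] straight onto the temp dir.
    posixpath.join discards temp_dir_path when user_file is absolute, and it keeps
    '..' components untouched."""
    return posixpath.join(temp_dir_path, user_file)


def safe_target(temp_dir_path: str, user_file: str) -> Path:
    """Hardened form: keep only the final name component, refuse empty and dot names,
    then prove the resolved path is still inside the upload directory."""
    base = Path(temp_dir_path).resolve()
    # Strip any directory part, whichever separator the client used.
    name = posixpath.basename(user_file.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError(f"rejected file name: {user_file!r}")
    candidate = (base / name).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError if it escaped base
    except ValueError:
        raise ValueError(f"path escapes upload dir: {user_file!r}") from None
    return candidate


def demo(temp_dir_path: str = "/tmp/mindsdb_upload") -> dict:
    """Run both forms over the advisory's absolute-path case, a ../ case and a benign name."""
    results = {}
    for user_file in ("/home/secret.csv", "../../etc/passwd", "sales_q3.csv"):
        joined = unsafe_target(temp_dir_path, user_file)
        results[user_file] = {
            "unsafe_join": joined,
            # what the path collapses to once the OS walks it
            "unsafe_normalised": posixpath.normpath(joined),
        }
        try:
            results[user_file]["safe"] = safe_target(temp_dir_path, user_file).name
        except ValueError as exc:
            results[user_file]["safe"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for user_file, outcome in demo().items():
        print(user_file)
        for k, v in outcome.items():
            print(f"  {k}: {v}")
```

Two things stand out when demo() runs: for an absolute data["file"] the join result contains no trace of temp_dir_path at all, and for a relative one the ../ components survive the join and only collapse, to /etc/passwd, when the path is used. A name-only filter such as the clear_filename the advisory mentions for the other code paths addresses both; the containment check after resolve() is the backstop for inputs the filter does not anticipate.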
OSV
osv · 2026-01-12 · CVE-2025-68472 [HIGH]
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
(Advisory text identical to the GHSA entry above.)
Suricata
suricata · 2026-01-14 · CVSS 8.1 · CVE-2025-68472 [HIGH]
ET WEB_SPECIFIC_APPS MindsDB Unauthenticated File Upload API Path Traversal (CVE-2025-68472)
Rule: sid 2066753, rev 1 (full rule text under Detection & IOCs above)
No public exploits indexed.
Wiz
blogs_wiz · CVSS 8.1 · CVE-2025-68472 [HIGH]
CVE-2025-68472 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68472: Python vulnerability analysis and mitigation
Description: as in the NVD text above. Source: NVD
Score: 9.1, Severity CRITICAL; CNA score 8.1
Published: January 12, 2026
Affected Technologies: Python
Greynoiseio
blogs_greynoiseio · NoiseLetter February 2026