CVE-2025-68472
published 2026-01-12

Priority: P2 (74), critical
CVSS 3.1: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS: 19.21% (97.0th percentile)
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.
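The description above contrasts a handler that joins caller-controlled data straight into a filesystem path with upload paths that sanitize the name first. The following is an added illustration of that contrast, not MindsDB's file.py and not the project's clear_filename: the storage root, the allow-list and the validate_upload_name helper are assumptions, and the sample inputs are constructed.

```python
import os
import re
from pathlib import Path

# Hypothetical storage root used for illustration only (not MindsDB's layout).
STORAGE_ROOT = Path("/var/lib/app/storage")

# Conservative allow-list for a single upload filename: starts with an
# alphanumeric character, then only alphanumerics, dot, underscore, hyphen.
# No slash, backslash or percent sign can pass, so neither "../" nor its
# URL-encoded form "%2e%2e%2f" survives, and "." / ".." cannot be the name.
_ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def unsafe_target_path(storage_root: Path, user_supplied: str) -> Path:
    """The vulnerable pattern the advisory describes: caller-controlled data is
    joined straight into a filesystem path. ".." components walk out of
    storage_root, so the result can point anywhere on disk."""
    return Path(os.path.normpath(os.path.join(str(storage_root), user_supplied)))


def validate_upload_name(name: str) -> str:
    """Reject rather than repair: anything outside the allow-list raises.
    Plays the role the advisory assigns to clear_filename on the other upload
    paths (assumed behaviour, not MindsDB's implementation)."""
    if not _ALLOWED_NAME.fullmatch(name):
        raise ValueError(f"rejected upload name: {name!r}")
    return name


def safe_target_path(storage_root: Path, user_supplied: str) -> Path:
    """Hardened pattern: validate the name, then, as defense in depth, confirm
    the resolved destination is still inside storage_root."""
    root = storage_root.resolve()
    candidate = (root / validate_upload_name(user_supplied)).resolve()
    if root not in candidate.parents:
        raise ValueError(f"path escapes storage root: {candidate}")
    return candidate


def is_accepted(storage_root: Path, user_supplied: str) -> bool:
    """True if the hardened handler would accept this name, False if it rejects it."""
    try:
        safe_target_path(storage_root, user_supplied)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: an ordinary filename, a traversal attempt and a
    # URL-encoded traversal attempt.
    for name in ("report.csv", "../../../../etc/hosts", "..%2f..%2fetc%2fhosts"):
        print(f"{name!r:32} unsafe -> {unsafe_target_path(STORAGE_ROOT, name)}")
        verdict = "accepted" if is_accepted(STORAGE_ROOT, name) else "rejected"
        print(f"{'':32} safe   -> {verdict}")
```

The allow-list check is the control that actually matters; the containment check after resolve() is there so that a future change to the allow-list (or a symlink inside the storage directory) cannot silently reopen the hole. Rejecting with an error, rather than stripping the directory part and proceeding, also leaves an auditable trace of the attempt in the application log.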

Affected (2 ranges)

Vendor    Product   Version range      Fixed in
mindsdb   mindsdb   < 25.11.1          25.11.1
mindsdb   mindsdb   >= 0, < 25.11.1    25.11.1

Detection & IOCs (extracted from sources)

URL: /api/files/
Path: file.py
Snort rule:
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS MindsDB Unauthenticated File Upload API Path Traversal (CVE-2025-68472)"; flow:established,to_server; http.uri; content:"/api/files/"; fast_pattern; startswith; http.request_body; content:"|22|file|22 3a|"; pcre:"/^\s*?\x22[^\x22]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; http.method; content:"PUT"; reference:url,github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7; reference:cve,2025-68472; classtype:web-application-attack; sid:2066753; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2026_01_14, cve CVE_2025_68472, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_14, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
  • Inspect the JSON request body for a 'file' key containing path traversal sequences (e.g., ../, ..\ or URL-encoded equivalents %2e%2e%2f, %2e%2e%5c). The Snort PCRE targets two or more consecutive traversal components.
  • The vulnerability is only triggered when the request body is JSON and source_type is not 'url'. Multipart and URL-sourced uploads are sanitized; JSON uploads are not — focus detection on JSON-body PUT requests.
  • The exploit is unauthenticated — no session or auth token is required. Perimeter and internal network sensors should both be deployed.
  • For TLS-encrypted traffic, enable SSL/TLS inspection (SSLDecrypt) to ensure the Snort rule fires — the ET rule metadata explicitly lists deployment SSLDecrypt and tls_state TLSDecrypt.
  • The vulnerability is fixed in MindsDB version 25.11.1. Versions prior to this are affected. Upgrade to remediate.
  • The path traversal only affects the JSON upload code path in file.py. Multipart and URL-sourced uploads already call clear_filename or equivalent sanitization and are not vulnerable.
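The detection notes above describe what the Snort rule looks for: a PUT to /api/files/ whose JSON body carries a 'file' value with two or more consecutive traversal components, literal or URL-encoded. The following is an added example, not part of the original advisory or of the ET ruleset, that applies the same logic offline to constructed sample requests; the request tuples, the helper names and the sample bodies are all assumptions made for the illustration.

```python
import json
import re

# Python counterpart of the PCRE in the ET Snort rule above: two or more
# consecutive traversal components, each "." or ".." (literal or %2e) followed
# by one or more "/" or "\" (literal, %2f or %5c).
TRAVERSAL_RE = re.compile(r"(?:(?:\.|%2[Ee]){1,2}(?:/|\\|%5[Cc]|%2[Ff])+){2,}")


def json_file_field(body: bytes):
    """Return the string value of the top-level 'file' key if body is a JSON
    object, otherwise None (multipart bodies and non-object JSON fall through)."""
    try:
        data = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(data, dict):
        return None
    value = data.get("file")
    return value if isinstance(value, str) else None


def is_suspicious_upload(method: str, uri: str, body: bytes) -> bool:
    """Mirror the rule's conditions: PUT, URI under /api/files/, JSON body whose
    'file' value contains back-to-back traversal components."""
    if method.upper() != "PUT" or not uri.startswith("/api/files/"):
        return False
    name = json_file_field(body)
    if name is None:
        return False
    return TRAVERSAL_RE.search(name) is not None


# Constructed sample requests (method, uri, raw body); none are real traffic.
SAMPLE_REQUESTS = [
    ("PUT", "/api/files/sales", b'{"file": "sales_q3.csv", "source_type": "file"}'),
    ("PUT", "/api/files/x", b'{"file": "../../../../etc/hosts", "source_type": "file"}'),
    ("PUT", "/api/files/x", b'{"source_type": "file", "file": "..%2F..%2F..%2Fetc%2Fhosts"}'),
    ("PUT", "/api/files/x", b'{"file": "..\\\\..\\\\win.ini", "source_type": "file"}'),
    ("PUT", "/api/files/x", b'------b\r\nContent-Disposition: form-data; name="file"; filename="../../a"\r\n'),
    ("POST", "/api/files/x", b'{"file": "../../a"}'),
]


def scan_requests(requests):
    """Return the indices of the requests the detector flags."""
    return [i for i, (m, u, b) in enumerate(requests) if is_suspicious_upload(m, u, b)]


if __name__ == "__main__":
    for i in scan_requests(SAMPLE_REQUESTS):
        m, u, b = SAMPLE_REQUESTS[i]
        print(f"ALERT request #{i}: {m} {u} file={json_file_field(b)!r}")
```

Two properties of the rule carry over and are worth knowing when tuning it: the multipart request (index 4) is not flagged even though its filename contains traversal, which matches the note that only the JSON code path is affected, and a body with a single "../" does not fire because the pattern requires at least two consecutive components. An application-side check, as opposed to a network signature, should reject any separator in an upload name rather than counting components.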