CVE-2025-0868

EUVD-2025-4586
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint..

This issue affects DocsGPT: from 0.8.1 through 0.12.0.
Eval Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CERT-PLCNA
9.3 CRITICAL
NETWORK
LOW
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
arc53docsgpt
0.8.1 ≤
𝑥
≤ 0.12.0
CNA
Common Weakness Enumeration
References
https://cert.pl/en/posts/2025/02/CVE-2025-0868/
https://cert.pl/posts/2025/02/CVE-2025-0868/
https://github.com/arc53/DocsGPT