CVE-2025-56427

Published: Dec 4, 2025Modified: Dec 16, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

Affected (1)

Products: Composio: Composio

Composio

1 product

Composio

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Composio Composio	Version 0.7.20

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278

Source: cve@mitre.org

Broken Link

https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.