CVE-2025-67506

Published: Dec 10, 2025Modified: Mar 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload to os.path.join(tmpdir, file.filename) without normalizing the filename. An attacker can submit a crafted filename containing ../ sequences to write arbitrary files anywhere the service account has permission, enabling remote file overwrite or planting malicious code. This issue is fixed in version 0.1.0-beta.

Affected (3)

Products: Pipeshub: Pipeshub

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Pipeshub Pipeshub	Version 0.1.0 alpha
Pipeshub Pipeshub	Version 0.1.2 alpha
Pipeshub Pipeshub	Version 0.1.3 alpha

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/pipeshub-ai/pipeshub-ai/commit/987ebab40a1fc39956730ed93220f7f9b2c4e5f8

Source: security-advisories@github.com

Patch

https://github.com/pipeshub-ai/pipeshub-ai/security/advisories/GHSA-w398-9m55-2357

Source: security-advisories@github.com

ExploitMitigationVendor Advisory

Timeline

No history available yet.