Home > Vulnerability Database > CVE-2025-6283

Mend.io Vulnerability Database

CVE-2025-6283

Good to know:

Date: June 19, 2025

A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.

Severity Score

3.5

Related Resources (9)

Url: https://github.com/xataio/agent/releases/tag/v0.3.1

Url: https://github.com/xataio/agent/commit/03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc

Url: https://vuldb.com/?id.313287

Url: https://vuldb.com/?submit.593627

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6283

Url: https://vuldb.com/?ctiid.313287

Url: https://github.com/xataio/agent/pull/191

Url: https://github.com/xataio/agent/issues/179

Url: https://www.mend.io/vulnerability-database/CVE-2025-6283

Severity Score

3.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version https://github.com/xataio/agent.git - v0.3.1

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6283

Good to know:

Date: June 19, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?