CVE-2025-0868

N/A Unknown

Published: February 20, 2025 Modified: October 03, 2025

Description

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://cert.pl/en/posts/2025/02/CVE-2025-0868/

Source: cvd@cert.pl

https://cert.pl/posts/2025/02/CVE-2025-0868/

Source: cvd@cert.pl

https://github.com/arc53/DocsGPT

Source: cvd@cert.pl

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

11.1%

93th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-95

Related CVEs

CVE-2026-21652 N/A

CVE-2026-21651 N/A

CVE-2026-21650 N/A

CVE-2026-21649 N/A

CVE-2026-21648 N/A