Description
A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Es wurde eine problematische Schwachstelle in mannaandpoem OpenManus bis 2025.3.13 gefunden. Es geht dabei um die Funktion execute der Datei app/tool/file_saver.py der Komponente File Handler. Mit der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Problem types
Incorrect Privilege Assignment
Product status
2025.3.1
2025.3.2
2025.3.3
2025.3.4
2025.3.5
2025.3.6
2025.3.7
2025.3.8
2025.3.9
2025.3.10
2025.3.11
2025.3.12
2025.3.13
Timeline
| 2025-03-29: | Advisory disclosed |
| 2025-03-29: | VulDB entry created |
| 2025-03-29: | VulDB entry last update |
Credits
s0l42 (VulDB User)
References
magnificent-dill-351.notion.site/...18ed805e8e7fd35a896d2d41
vuldb.com/?id.302007 (VDB-302007 | mannaandpoem OpenManus File file_saver.py execute access control)
vuldb.com/?ctiid.302007 (VDB-302007 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.521545 (Submit #521545 | OpenManus 2025.3.13 Arbitrary File Writing)
magnificent-dill-351.notion.site/...18ed805e8e7fd35a896d2d41
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
