CVE-2025-6237 | THREATINT

Description

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files. This vulnerability results in high confidentiality, integrity, and availability impacts.

PUBLISHED Reserved 2025-06-18 | Published 2025-09-18 | Updated 2025-09-18 | Assigner @huntr_ai

CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-73 External Control of File Name or Path

Product status

Any version

affected

References

huntr.com/bounties/54ac9589-7c88-4fd4-8512-8b2f19fbaedf exploit

huntr.com/bounties/54ac9589-7c88-4fd4-8512-8b2f19fbaedf

cve.org (CVE-2025-6237)

nvd.nist.gov (CVE-2025-6237)

Download JSON