Description
A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files. This vulnerability results in high confidentiality, integrity, and availability impacts.
EPSS Score: 0%
Comprehensive Technical Analysis of EUVD-2025-29906
1. Vulnerability Assessment and Severity Evaluation
The vulnerability described in EUVD-2025-29906 affects the invokeai software, specifically versions v6.0.0a1 and below. This vulnerability allows attackers to perform path traversal and arbitrary file deletion through the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files.
Severity Evaluation:
- Base Score: 9.8 (CVSS v3.0)
- Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The high base score indicates a critical vulnerability with significant impacts on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), requires low complexity (AC:L), does not require privileges (PR:N), and does not require user interaction (UI:N). The scope is unchanged (S:U), and the impacts on confidentiality, integrity, and availability are all high (C:H/I:H/A:H).
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- Path Traversal: Attackers can manipulate the bulk_download_item_name parameter to traverse directories and access files outside the intended directory.
- Arbitrary File Deletion: By exploiting the path traversal vulnerability, attackers can delete critical system files, leading to system instability or complete failure.
Exploitation Methods:
- Manipulating Filename Arguments: Attackers can craft specific HTTP GET requests to the /api/v1/images/download/{bulk_download_item_name} endpoint with malicious filename arguments.
- Automated Scripts: Attackers can use automated scripts to scan for vulnerable endpoints and exploit the vulnerability en masse.
3. Affected Systems and Software Versions
Affected Software:
invokeai versions v6.0.0a1 and below.
Affected Systems:
- Any server running the affected versions of invokeai.
- Systems that rely on invokeai for image processing and management.
4. Recommended Mitigation Strategies
Immediate Mitigation:
- Patching: Upgrade to a patched version of invokeai that addresses this vulnerability.
- Access Control: Implement strict access controls to limit exposure of the vulnerable endpoint.
- Input Validation: Ensure proper input validation and sanitization for all user-supplied data, especially filename arguments.
Long-Term Mitigation:
- Regular Updates: Maintain a regular update schedule for all software components.
- Security Audits: Conduct regular security audits and vulnerability assessments.
- Monitoring: Implement continuous monitoring and logging to detect and respond to suspicious activities.
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to organizations using invokeai within the European Union. Given the high base score and the potential for severe impacts on confidentiality, integrity, and availability, this vulnerability could lead to data breaches, system failures, and loss of critical services. Organizations must prioritize patching and implementing robust security measures to mitigate the risk.
6. Technical Details for Security Professionals
Vulnerability Details:
- Endpoint: GET /api/v1/images/download/{bulk_download_item_name}
- Vulnerable Code: The vulnerability is located in the images.py file, specifically between lines 493 and 524.
Exploitation Example:
```python
import requests

# Example of a malicious request: the item name escapes the download
# directory with "../" segments and targets /etc/passwd
url = "http://vulnerable-server.com/api/v1/images/download/../../../../etc/passwd"
response = requests.get(url)
print(response.text)
```
Mitigation Code Example:
```python
from flask import Flask, abort, send_from_directory
import os

app = Flask(__name__)
# Directory that bulk-download archives are served from (name is illustrative)
DOWNLOAD_DIR = os.path.realpath("bulk_downloads")

@app.route('/api/v1/images/download/<path:filename>', methods=['GET'])
def download_image(filename):
    # Ensure the filename does not contain path traversal sequences
    if os.path.isabs(filename) or ".." in filename:
        abort(400)
    # Resolve the final path and confirm it still lies inside DOWNLOAD_DIR;
    # this catches anything the string check above does not (e.g. symlinks)
    target = os.path.realpath(os.path.join(DOWNLOAD_DIR, filename))
    if os.path.commonpath([DOWNLOAD_DIR, target]) != DOWNLOAD_DIR:
        abort(400)
    # Proceed with safe file handling: send_from_directory also enforces
    # that the served path stays within DOWNLOAD_DIR
    return send_from_directory(DOWNLOAD_DIR, filename, as_attachment=True)

if __name__ == '__main__':
    app.run()
```
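The monitoring recommendation in section 4 can be made concrete for this endpoint: the following added example (not code from the advisory or from the invokeai project) scans HTTP access log lines for requests to /api/v1/images/download/ whose item name would escape the download directory, including percent-encoded and double-encoded forms. The log lines are constructed samples in common log format.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access log lines (common log format); not real traffic
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /api/v1/images/download/bulk_2025.zip HTTP/1.1" 200 51234
203.0.113.11 - - [01/Jan/2025:10:00:01 +0000] "GET /api/v1/images/download/../../../../etc/passwd HTTP/1.1" 200 1827
203.0.113.12 - - [01/Jan/2025:10:00:02 +0000] "GET /api/v1/images/download/%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 500 0
203.0.113.13 - - [01/Jan/2025:10:00:03 +0000] "GET /api/v1/images/download/%252e%252e%252fconfig.yaml HTTP/1.1" 404 0
203.0.113.14 - - [01/Jan/2025:10:00:04 +0000] "GET /api/v1/models/../etc HTTP/1.1" 404 0
"""

ENDPOINT_PREFIX = "/api/v1/images/download/"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded traversal is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(item_name: str) -> bool:
    """True if the decoded item name would escape the download directory."""
    name = fully_decode(item_name).replace("\\", "/")
    if name.startswith("/") or "\x00" in name:
        return True
    return ".." in name.split("/")

def find_traversal_attempts(log_text: str):
    """Return (ip, status, raw_target) for requests to the bulk-download
    endpoint whose item name contains a traversal; a 200 status means the
    server most likely served the file and needs incident handling."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path  # urlsplit does not normalise '..'
        if not path.startswith(ENDPOINT_PREFIX):
            continue
        if is_traversal(path[len(ENDPOINT_PREFIX):]):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```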
By addressing this vulnerability promptly and implementing robust security measures, organizations can significantly reduce the risk of exploitation and protect their critical assets.