CVE-2025-0868 is a critical security vulnerability identified in Arc53's DocsGPT product, specifically affecting versions from 0.8.1 through 0.12.0. The root cause of this vulnerability lies in improper neutralization of directives in dynamically evaluated code, classified under CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code, commonly known as 'Eval Injection'). The vulnerability arises because DocsGPT improperly parses JSON data by using Python's eval() function within its /api/remote endpoint. This unsafe use of eval() allows an unauthenticated attacker to send specially crafted JSON input containing arbitrary Python code, which the server then executes. This results in Remote Code Execution (RCE) without requiring any authentication or user interaction. The CVSS v4.0 base score is 9.3, indicating a critical severity level, with attack vector being network-based, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits have been reported in the wild yet, the vulnerability's nature and ease of exploitation make it a significant threat. The lack of available patches at the time of disclosure further increases the risk for affected deployments. The vulnerability is particularly dangerous because RCE can allow attackers to fully compromise the host system, steal sensitive data, disrupt services, or pivot to other internal systems.

For European organizations using DocsGPT versions 0.8.1 through 0.12.0, this vulnerability poses a severe risk. Successful exploitation could lead to full system compromise, resulting in data breaches, intellectual property theft, operational disruption, and potential lateral movement within corporate networks. Given DocsGPT's role in document processing and AI-driven content generation, attackers could manipulate or exfiltrate sensitive corporate documents or inject malicious content. The critical nature of the vulnerability means that attackers can exploit it remotely without authentication, increasing the likelihood of automated attacks and widespread compromise. This could severely impact organizations in sectors with strict data protection regulations such as GDPR, leading to legal and financial penalties. Additionally, disruption of document workflows could affect business continuity. The absence of known exploits currently provides a small window for mitigation, but the high severity demands immediate attention.

Immediate mitigation steps include: 1) Disabling or restricting access to the /api/remote endpoint until a secure patch is available. 2) Implementing network-level controls such as firewall rules or API gateways to restrict inbound traffic to trusted sources only. 3) Monitoring logs for unusual or unexpected requests targeting the /api/remote endpoint, especially those containing suspicious JSON payloads. 4) If possible, upgrading to a patched version once released by Arc53. 5) As a temporary workaround, modifying the source code to replace the use of eval() with a safe JSON parser (e.g., json.loads()) to prevent code execution. 6) Conducting thorough security audits and penetration testing focused on API endpoints to detect similar unsafe coding practices. 7) Educating developers and DevOps teams about the dangers of using eval() with untrusted input to prevent recurrence. 8) Employing runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect and block suspicious behaviors indicative of exploitation attempts.