CVE-2025-32779: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai EDDI
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (`185`), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0.
AI Analysis
Technical Summary
CVE-2025-32779 is a path traversal vulnerability classified under CWE-22 affecting labsai's EDDI middleware, which facilitates connection and management of large language model (LLM) API bots. The flaw exists in versions prior to 5.5.0 and is exploitable via the /backup/import API endpoint. Specifically, the vulnerability is a Zip Slip issue where an attacker can craft malicious archive files that, when extracted by the application, write files outside the intended extraction directory. This improper limitation of pathname traversal allows overwriting arbitrary files owned by the application user (UID 185). Although the application does not run as root, overwriting critical application files such as JAR libraries can lead to remote code execution within the application's privilege context. The attack vector requires the attacker to have authenticated access to the API endpoint but does not require user interaction. The vulnerability has a CVSS 3.1 base score of 6.5, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, no confidentiality impact, but high integrity and availability impacts. No public exploits are currently known, and the vendor has released a patch in version 5.5.0 to address this issue.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to significant operational disruption and potential compromise of sensitive data managed by the EDDI middleware. Although the application runs with limited privileges, successful exploitation can overwrite application binaries or libraries, enabling remote code execution within the application context. This could allow attackers to manipulate bot behaviors, inject malicious code, or disrupt service availability. Organizations relying on EDDI for managing LLM API bots may experience degraded service, data integrity loss, or unauthorized actions performed by compromised bots. The medium CVSS score reflects the need for authentication, which somewhat limits exposure, but insider threats or compromised credentials could facilitate exploitation. Given the increasing adoption of AI and LLM-based services in Europe, this vulnerability poses a tangible risk to organizations integrating such middleware into their workflows.
Mitigation Recommendations
The primary mitigation is to upgrade labsai EDDI to version 5.5.0 or later, where the vulnerability is patched. Until upgrade is possible, organizations should restrict access to the /backup/import API endpoint to trusted administrators only, enforce strong authentication and authorization controls, and monitor API usage logs for suspicious activity. Implementing network segmentation to isolate the EDDI service and applying strict input validation on uploaded archives can reduce risk. Additionally, employing runtime application self-protection (RASP) or file integrity monitoring can help detect unauthorized file modifications. Regularly auditing application user permissions and ensuring the application runs with the least privilege necessary will limit potential damage. Finally, organizations should prepare incident response plans specific to middleware compromise scenarios.
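As an illustration of the "strict input validation on uploaded archives" step, the following added example (not EDDI's code and not the vendor's patch) screens a backup archive's entry names before it is submitted for import. It covers the `..` traversal case described above and also generalizes to absolute and backslash-separated names; the destination `/srv/import` and the function names are hypothetical, and the sample archive is constructed in memory.

```python
import io
import posixpath
import zipfile


def escaping_entries(zip_bytes, dest="/srv/import"):
    """Return normalized names of entries that would land outside dest.

    dest is a hypothetical extraction directory; nothing is extracted,
    only the entry names in the archive's central directory are inspected.
    """
    dest = posixpath.normpath(dest)
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators so Windows-style names are caught.
            name = info.filename.replace("\\", "/")
            # join() discards dest when name is absolute, so that case
            # fails the containment test below as well.
            target = posixpath.normpath(posixpath.join(dest, name))
            inside = target == dest or target.startswith(dest + "/")
            if not inside:
                flagged.append(name)
    return flagged


def build_sample_archive():
    """Constructed test input: two benign entries and four escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in (
            "bots/config.json",          # benign
            "bots/../packages/ok.json",  # contains ".." but stays inside dest
            "../outside.txt",
            "docs/../../outside2.txt",
            "/abs.txt",
            "..\\win.txt",
        ):
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in escaping_entries(build_sample_archive()):
        print("refuse import, entry escapes extraction dir:", entry)
```

A non-empty result means the archive should be rejected before it reaches the import endpoint.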
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-04-10T12:51:12.278Z
- Cisa Enriched: true
Threat ID: 682d984ac4522896dcbf76cb
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 10/28/2025, 4:16:35 AM
Last updated: 12/3/2025, 5:47:59 PM