CVE-2025-32779: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai EDDI
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (`185`), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0.
AI Analysis
Technical Summary
CVE-2025-32779 is a path traversal vulnerability classified under CWE-22, affecting the labsai EDDI (Enhanced Dialog Driven Interface) middleware, which is used to connect and manage large language model (LLM) API bots. Specifically, versions of EDDI prior to 5.5.0 contain a Zip Slip vulnerability in the `/backup/import` API endpoint. This vulnerability allows an attacker with access to this endpoint to write arbitrary files outside the intended extraction directory by manipulating the paths within a crafted ZIP archive. Although the application runs under a non-root user (UID 185), which limits the ability to overwrite critical system files, the attacker can overwrite application files owned by this user, such as JAR libraries. Overwriting these files can lead to remote code execution (RCE) within the context of the application, potentially allowing an attacker to execute arbitrary code, manipulate application behavior, or escalate privileges within the application environment. The vulnerability has been addressed in version 5.5.0 of EDDI, and no known exploits are currently reported in the wild. The issue arises from improper validation and sanitization of file paths during ZIP extraction, enabling directory traversal beyond the designated extraction folder.
Potential Impact
For European organizations using labsai EDDI middleware versions prior to 5.5.0, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized code execution within the application context, potentially compromising the integrity and availability of services relying on EDDI for LLM API bot management. This could disrupt automated workflows, degrade service quality, or lead to data manipulation or leakage if the application processes sensitive information. While the non-root execution context limits system-wide compromise, attackers could leverage this foothold to pivot within the network or escalate privileges if other vulnerabilities exist. Organizations in sectors heavily reliant on AI-driven automation, such as finance, healthcare, and critical infrastructure, may face operational disruptions or reputational damage. Additionally, since the vulnerability involves an API endpoint, automated or scripted attacks could be feasible if the endpoint is exposed or insufficiently protected, increasing the attack surface.
Mitigation Recommendations
1. Immediate upgrade to labsai EDDI version 5.5.0 or later to apply the official patch addressing the path traversal vulnerability.
2. Restrict access to the `/backup/import` API endpoint using network segmentation, firewall rules, or API gateway policies to ensure only authorized and authenticated users or systems can invoke this endpoint.
3. Implement strict input validation and sanitization on all file upload and extraction processes, including verifying that extracted file paths remain within the intended directory boundaries before writing to disk.
4. Employ runtime application self-protection (RASP) or file integrity monitoring to detect unauthorized modifications to application files such as JAR libraries.
5. Conduct regular audits and monitoring of application logs for unusual activity related to backup imports or file writes.
6. Use containerization or sandboxing to isolate the EDDI application environment, limiting the impact of potential code execution.
7. Review and enforce the principle of least privilege for the application user (UID 185), ensuring it has minimal permissions necessary to operate.
8. If upgrading immediately is not feasible, consider disabling or restricting the `/backup/import` endpoint temporarily until a patch can be applied.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-04-10T12:51:12.278Z
- Cisa Enriched: true
Threat ID: 682d984ac4522896dcbf76cb
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 6/21/2025, 5:09:55 PM
Last updated: 8/11/2025, 3:12:36 AM