CVE-2025-6772 is a path traversal vulnerability identified in the eosphoros-ai db-gpt product, specifically affecting versions 0.7.0, 0.7.1, and 0.7.2. The vulnerability resides in the import_flow function within the /api/v2/serve/awel/flow/import endpoint. An attacker can manipulate the 'File' argument to perform a path traversal attack, allowing unauthorized access to files outside the intended directory structure. This vulnerability can be exploited remotely without requiring any authentication or user interaction, increasing the risk of exploitation. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is rated as low to medium, indicating that while the attacker can access files outside the intended scope, the overall damage potential is somewhat limited by the nature of the accessible files and the scope of the application. No public exploits are currently known to be in the wild, but the exploit details have been disclosed publicly, which may increase the risk of future exploitation. No patches or fixes have been linked yet, so affected users should monitor vendor communications closely for updates.

For European organizations using eosphoros-ai db-gpt versions up to 0.7.2, this vulnerability poses a risk of unauthorized file access, potentially exposing sensitive configuration files, credentials, or other critical data stored on the server. This could lead to information disclosure, which may facilitate further attacks such as privilege escalation or lateral movement within the network. Given that the vulnerability can be exploited remotely without authentication, attackers could target exposed instances over the internet or internal networks. The impact is particularly significant for organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, or government agencies, where data confidentiality and integrity are paramount. Additionally, exploitation could disrupt operations if critical files are accessed or modified, affecting availability indirectly. The medium CVSS score reflects a moderate risk, but the ease of exploitation and lack of required privileges elevate the threat level. Organizations in Europe must consider the regulatory implications of data breaches under GDPR and other data protection laws, which could result in legal and financial penalties.

1. Immediate mitigation should include restricting access to the vulnerable import_flow endpoint by implementing network-level controls such as IP whitelisting or VPN-only access to reduce exposure. 2. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal patterns in the 'File' parameter. 3. Conduct a thorough audit of all instances running affected versions and isolate them from public networks until patched. 4. Monitor logs for suspicious requests targeting the /api/v2/serve/awel/flow/import endpoint, focusing on unusual file path patterns or repeated access attempts. 5. Implement strict input validation and sanitization on the server side to ensure that file path parameters cannot include traversal sequences (e.g., '../'). 6. Engage with the vendor or community to obtain patches or updates as soon as they become available and prioritize timely deployment. 7. As a longer-term measure, consider deploying runtime application self-protection (RASP) solutions to detect and prevent exploitation attempts dynamically. 8. Educate development and security teams about secure coding practices to prevent similar vulnerabilities in future releases.