← back
CVE-2025-0868

Remote Code Execution in DocsGPT

CVSS 9.3 CRITICALEPSS 15.1%CWE-95
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Arc53 · DocsGPT
public PoCs found2
githubgithub.com/aidana-gift/CVE-2025-08681exploitdbwww.exploit-db.com/exploits/52145unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.pl/en/posts/2025/02/CVE-2025-0868/https://cert.pl/posts/2025/02/CVE-2025-0868/https://github.com/arc53/DocsGPT