Composio Unrestricted File Write and Read Vulnerability in Filetools Actions

Vulnerability

A vulnerability allowing unrestricted file write and read operations has been identified in Composio version 0.4.3. This issue arises from inadequate validation of file paths in the filetools actions, enabling an attacker to manipulate files anywhere on the server. Such exploitation could result in privilege escalation or remote code execution.
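
A containment check of the kind whose absence the description points to, as an added example that is not Composio's code: the function names, the workspace layout and the sample paths are assumptions constructed for illustration. It resolves the requested path (collapsing `..` and following symlinks) and rejects anything that lands outside the workspace root.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a requested path resolves outside the workspace root."""


def resolve_in_workspace(root, requested):
    """Return the absolute path for `requested`, or raise if it leaves `root`."""
    root_real = Path(root).resolve(strict=True)
    # Joining with an absolute `requested` discards the root, so the join alone
    # proves nothing. resolve() collapses ".." and follows symlinks; the
    # containment test has to run on that resolved result.
    candidate = (root_real / requested).resolve(strict=False)
    if candidate != root_real and root_real not in candidate.parents:
        raise PathEscapeError(f"{requested!r} resolves outside {root_real}")
    return candidate


def write_file(root, requested, text):
    """Hypothetical file-write action: validate first, then write."""
    target = resolve_in_workspace(root, requested)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(text)
    return target


def demo():
    """Run constructed sample paths through the check; return {path: allowed}."""
    samples = ["notes/a.txt", "a/../b.txt", "../outside/x",
               "/var/constructed/abs.txt", "link/x"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "workspace"
        outside = Path(tmp) / "outside"
        root.mkdir()
        outside.mkdir()
        os.symlink(outside, root / "link")  # symlink that leaves the workspace
        for requested in samples:
            try:
                write_file(root, requested, "data")
                results[requested] = True
            except PathEscapeError:
                results[requested] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The check and the write are separate steps, so it assumes nothing else can swap path components inside the workspace between them.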

Impact

Exploitation of this vulnerability could lead to unauthorized file access and modification, with potential consequences of privilege escalation or remote code execution.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.