What is the CVSS score of CVE-2025-49131?

CVE-2025-49131 has a CVSS 3.1 base score of 6.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.3%.

Which versions of Python are affected by CVE-2025-49131?

Organizations using FastGPT should be aware of moderate risk from CVE-2025-49131, a incorrect permissions vulnerability rated CVSS 6.3. Attackers could gain access beyond their authorized level.. A patch is available.

How to fix or mitigate CVE-2025-49131?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review and tighten file/resource permissions.

Python CVE-2025-49131

EUVD-2025-17467 MEDIUM

Incorrect Permission Assignment for Critical Resource (CWE-732)

2025-06-09 security-advisories@github.com

Python RCE Fastgpt

6.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.3 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17467

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

Patch released

Mar 14, 2026 - 19:21 nvd

Patch available

CVE Published

Jun 09, 2025 - 13:15 nvd

MEDIUM 6.3

DescriptionGitHub Advisory

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.

Analysis

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment for Critical Resource (CWE-732).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-48519 CRITICAL Act Now

9.6 Jun 16

Remote code execution in Langflow versions through 1.9.1 allows unauthenticated attackers to execute arbitrary Python co

CVE-2026-45833 CRITICAL Act Now

9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

CVE-2026-47103 CRITICAL Act Now

9.3 Jun 17

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host pr

CVE-2025-49131 vulnerability details – vuln.today

Back