What is the CVSS score of CVE-2025-56427?

CVE-2025-56427 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.7%.

Which versions of Composio are affected by CVE-2025-56427?

ComposioHQ v.0.7.20 contains a directory traversal vulnerability that allows attackers to access sensitive files and information on affected systems.

Is there a public PoC exploit available for CVE-2025-56427?

Yes, a public proof-of-concept exploit is available for CVE-2025-56427. Prioritise patching immediately. EPSS: 0.7%.

How to fix or mitigate CVE-2025-56427?

Within 24 hours: Identify all systems running ComposioHQ v.0.7.20 and assess whether they process sensitive data or have access to restricted information. Within 7 days: Implement network-level mitigations such as WAF rules to block directory traversal patterns and restrict access to the _download_file_or_dir function to trusted sources only; consider disabling the affected functionality if not business-critical. Within 30 days: Upgrade to a patched version when released by ComposioHQ, or migrate to an alternative solution if patches remain unavailable.

Composio CVE-2025-56427

EUVD-2025-201168 HIGH

Information Exposure (CWE-200)

2025-12-04 cve@mitre.org

GHSA-3mwv-j45g-vp3w

Information Disclosure Path Traversal Composio

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201168

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 16, 2025 - 17:52 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 16:16 nvd

HIGH 7.5

DescriptionNVD

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

Analysis

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-56427 vulnerability details – vuln.today

Back

Composio CVE-2025-56427

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code