Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Absolute path traversal in Deepractice PromptX up to version 2.4.0 allows remote unauthenticated attackers to read arbitrary files from the server by manipulating the path argument in document file handling functions (read_docx, read_xlsx, read_pptx, list_xlsx_sheets, read_pdf). Publicly available exploit code exists and the vendor has not responded to early disclosure, though CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates moderate information disclosure risk with no integrity or availability impact.
Technical ContextAI
The vulnerability resides in the Document File Handler component (packages/mcp-office/src/index.ts) of PromptX's Model Context Protocol (MCP) office file processing module. The affected functions handle reading Microsoft Office documents (Word, Excel, PowerPoint) and PDF files. The root cause is CWE-36 (Absolute Path Traversal), where insufficient input validation on the path parameter allows attackers to bypass directory restrictions and access files outside the intended document storage directory. The functions do not properly sanitize or canonicalize file paths, permitting traversal sequences such as absolute paths or complex relative path constructs to reach sensitive files on the server filesystem.
RemediationAI
Upgrade Deepractice PromptX to a version later than 2.4.0 once a patch is released; currently no patched version is available and the vendor has not responded to early disclosure. As a temporary compensating control, restrict network access to the PromptX service to trusted internal networks only, or place it behind an authentication gateway (e.g., OAuth, reverse proxy authentication) to require authentication despite the PR:N vector suggesting unauthenticated access-this raises the attack barrier pending a patch. Additionally, review and restrict the file system permissions of the PromptX process user to minimize the scope of readable files in case of exploitation (principle of least privilege). Input validation can be hardened on the application side by implementing strict path canonicalization and whitelisting allowed document directories, but this requires code changes and is not a substitute for upgrading. Monitor the GitHub repository (https://github.com/Deepractice/PromptX/) and VulDB for patch announcements.
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25973