What is CVE-2025-0868?

CVE-2025-0868 is a vulnerability in Arc53 Docsgpt, classified under Eval Injection. Published 2025-02-20.

Is CVE-2025-0868 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Arc53 Docsgpt

CVE-2025-0868

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoi…

EPSS: 0.173 (95.2th percentile) — read the EPSS interpretation.

Affected products

Arc53 Docsgpt — versions 0.8.1

Weakness classification (CWE)

CWE-95 — Eval Injection

Public proof-of-concept exploits

aidana-gift/CVE-2025-0868
ARPSyndicate/cve-scores
cyb3r-w0lf/nuclei-template-collection
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub
20142995/nuclei-templates
plzheheplztrying/cve_
tanjiti/sec_
vulnerability-lookup/ExploitDBSighting
pbuff07/waf_

References

cert.pl/en/posts/2025/02/CVE-2025-0868/ (third-party-advisory)
cert.pl/posts/2025/02/CVE-2025-0868/ (third-party-advisory)
github.com/arc53/DocsGPT (product)

Frequently asked questions

What is CVE-2025-0868?: CVE-2025-0868 is a vulnerability in Arc53 Docsgpt, classified under Eval Injection. Published 2025-02-20.
Is CVE-2025-0868 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.