CVE-2025-6167 MEDIUM

CVE-2025-6167: themanojdesai python-a2a api.py create_workflow path traversal

Vendor Themanojdesai

Product python-a2a

Weakness CWE-22 · Path traversal

Published June 17, 2025

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

Description

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.

Key dates

Disclosure timeline

June 17, 2025 CVE published

June 17, 2025 Record updated

Identifiers

CVE CVE-2025-6167

CWE CWE-22

CVSS 5.1 / MEDIUM

Affected versions

Vendor Themanojdesai

Product python-a2a

Affected 0.5.0

Vendor Themanojdesai

Product python-a2a

Affected 0.5.1

Vendor Themanojdesai

Product python-a2a

Affected 0.5.2

Vendor Themanojdesai

Product python-a2a

Affected 0.5.3

Vendor Themanojdesai

Product python-a2a

Affected 0.5.4

Vendor Themanojdesai

Product python-a2a

Affected 0.5.5