CVE-2025-6237 · CRITICAL 9.8 · EPSS percentile 27.0%

Description

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files. This vulnerability results in high confidentiality, integrity, and availability impacts.

Scoring

CVSS 3.0: 9.8 (CRITICAL)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% probability of exploitation · percentile 27.0% · 2026-06-19T12:03:05Z
Published: 2025-09-18
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-73

References

  1. https://huntr.com/bounties/54ac9589-7c88-4fd4-8512-8b2f19fbaedf

Weakness mappings · 1

Type      Target                                          Confidence  Tier
Weakness  External Control of File Name or Path (CWE-73)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-14037
  2. CVE-2025-6282
  3. CVE-2026-42048
  4. CVE-2025-65879
  5. CVE-2026-36726
  6. CVE-2026-22661

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.