CVE-2025-6167

Summary

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
themanojdesaipython-a2a0.5.0affected
themanojdesaipython-a2a0.5.1affected
themanojdesaipython-a2a0.5.2affected
themanojdesaipython-a2a0.5.3affected
themanojdesaipython-a2a0.5.4affected
themanojdesaipython-a2a0.5.5affected
themanojdesaipython-a2a0.5.6unaffected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References