Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.
References
| Link | Resource |
|---|---|
| https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278 | Broken Link |
| https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md | Exploit Third Party Advisory |
| https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md | Exploit Third Party Advisory |
Configurations
History
16 Dec 2025, 17:52
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Composio
Composio composio |
|
| References | () https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278 - Broken Link | |
| References | () https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:composio:composio:0.7.20:*:*:*:*:*:*:* |
05 Dec 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| References | () https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md - | |
| CWE | CWE-200 |
04 Dec 2025, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-04 16:16
Updated : 2025-12-16 17:52
NVD link : CVE-2025-56427
Mitre link : CVE-2025-56427
CVE.ORG link : CVE-2025-56427
JSON object : View
Products Affected
composio
- composio
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor