CVE-2025-68472 Overview
A path traversal vulnerability exists in MindsDB, a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API allows any caller to read arbitrary files from the server filesystem and move them into MindsDB's storage, exposing sensitive data. The vulnerability stems from the PUT handler in file.py which directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url".
Critical Impact
Unauthenticated attackers can read arbitrary files from the server filesystem, potentially exposing sensitive configuration files, credentials, and other confidential data stored on the MindsDB server.
Affected Products
- MindsDB versions prior to 25.11.1
- MindsDB file upload API (JSON-based uploads)
- MindsDB installations with exposed file upload endpoints
Discovery Timeline
- 2026-01-12 - CVE CVE-2025-68472 published to NVD
- 2026-01-13 - Last updated in NVD database
Technical Details for CVE-2025-68472
Vulnerability Analysis
This path traversal vulnerability (CWE-22) affects the MindsDB file upload functionality. The core issue lies in inconsistent input sanitization across different upload methods. While multipart uploads and URL-sourced uploads properly sanitize file paths using clear_filename or equivalent checks, JSON-based uploads lack any such validation. This allows attackers to craft malicious JSON payloads containing path traversal sequences (such as ../) to access files outside the intended upload directory.
The vulnerability is particularly dangerous because it requires no authentication, meaning any network-adjacent attacker can exploit it to read sensitive files from the server. This could include configuration files containing database credentials, API keys, internal network information, or any other sensitive data accessible to the MindsDB process.
Root Cause
The root cause is a missing input validation check in the PUT handler within file.py. When processing JSON requests where source_type is not set to "url", the handler directly concatenates user-supplied path components without sanitization. The clear_filename function, which is properly applied to multipart and URL-sourced uploads, is never called for JSON uploads, creating an inconsistent security boundary.
Attack Vector
The attack requires network adjacency to exploit. An attacker crafts a malicious JSON request to the file upload API endpoint, including path traversal sequences in the filename or path parameters. The server processes this request and reads the targeted file from the filesystem, moving it into MindsDB's storage where the attacker can then access it. No authentication is required, making this vulnerability exploitable by any attacker who can reach the API endpoint on the adjacent network.
The attack can be used to exfiltrate sensitive files such as /etc/passwd, application configuration files, database credentials, or any file readable by the MindsDB process user.
Detection Methods for CVE-2025-68472
Indicators of Compromise
- Unusual file access patterns in MindsDB storage directories containing system files
- HTTP PUT requests to file upload endpoints containing ../ sequences in JSON payloads
- Unexpected files appearing in MindsDB's file storage that match system file patterns
- Access logs showing requests with path traversal patterns in request bodies
Detection Strategies
- Monitor web server and application logs for PUT requests containing directory traversal sequences (../, ..%2f, etc.)
- Implement web application firewall (WAF) rules to detect and block path traversal patterns in JSON request bodies
- Audit MindsDB file storage directories for files that should not exist in the application context
- Deploy file integrity monitoring on sensitive system directories to detect unauthorized reads
Monitoring Recommendations
- Enable verbose logging on MindsDB file upload API endpoints
- Configure SIEM rules to alert on path traversal indicators in HTTP request bodies
- Monitor for anomalous file operations by the MindsDB service account
- Implement network segmentation monitoring to detect unexpected access patterns to MindsDB instances
How to Mitigate CVE-2025-68472
Immediate Actions Required
- Upgrade MindsDB to version 25.11.1 or later immediately
- Restrict network access to MindsDB file upload endpoints to trusted sources only
- Audit existing files in MindsDB storage for potentially exfiltrated sensitive data
- Review access logs for signs of prior exploitation
Patch Information
The vulnerability is fixed in MindsDB version 25.11.1. The patch adds proper input sanitization to JSON-based file uploads, ensuring that path traversal sequences are stripped or rejected before file operations are performed. Organizations should upgrade to this version or later to remediate the vulnerability. For additional details, refer to the GitHub Security Advisory.
Workarounds
- Implement network-level access controls to restrict access to MindsDB API endpoints from untrusted networks
- Deploy a reverse proxy or WAF in front of MindsDB that filters requests containing path traversal patterns
- Disable or restrict JSON-based file uploads if not required for business operations
- Run MindsDB with minimal filesystem permissions to limit the impact of successful exploitation
# Network-level restriction example using iptables
# Restrict access to MindsDB port from trusted networks only
iptables -A INPUT -p tcp --dport 47334 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 47334 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
