NewMeet the Gecko team at RSAC 2026
Gecko Security
Get a Demo
Back to Research
CVSS 5.0mediumCVE-2025-51475

CVE-2025-51475: SuperAGI AFO in File Upload Endpoint

Arbitrary file overwrite vulnerability in SuperAGI's file upload functionality due to insufficient path sanitization.

Gecko Security ResearchApr 23, 2025
Gecko Security Team
Summarize with AI
ChatGPTPerplexityGeminiGrokClaude

Description

An AFO was found in SuperAGI's file upload functionality due to insufficient sanitization of user-supplied filenames. The implementation checks file extensions, but it fails to neutralize directory traversal sequences such as ../, allowing attackers to write files outside the intended directory.

The vulnerability lies in the /api/resources/add/<agent_id> endpoint in the superagi/controllers/resources.py file. The file path is constructed using os.path.join() with a base directory and user-provided filename, without enforcing path constraints. Although extensions are validated, an attacker can append a valid extension (e.g., .pdf) to a malicious filename like ../../../etc/passwd%00.pdf to bypass checks.

The file is written using Python’s open() in binary write mode ('wb'), which allows overwriting existing files. The base directory is retrieved from ResourceHelper.get_root_input_dir, which does not enforce path containment, making arbitrary overwrite possible anywhere within the app’s writeable file system.

Source - Sink Analysis

  1. Source: upload() in superagi/controllers/resources.py

    • Receives file and filename input directly from user upload

  2. Intermediate: get_root_input_dir() in superagi/helper/resource_helper.py

    • Resolves the base storage directory without normalization or validation

  3. Sink: open() in superagi/controllers/resources.py

    • Writes the file using unsanitized path, allowing path traversal

Proof of Concept

To verify this vulnerability, we need to

  1. Create a local file and ensure that it has one of the valid extensions
  2. Create a new "resource" with the local file as a parameter
# create a malicious file
touch anyfile.txt
echo "This is a test file" > anyfile.txt

# create the resource with said file as a parameter
curl -X POST "http://127.0.0.1:3000/api/resources/add/1" \
  -H "Content-Type: multipart/form-data" \
  -F "file=@anyfile.txt" \
  -F "name=../../../../etc/passwd.txt" \
  -F "type=text/plain" \
  -F "size=1024"

Output

{
  "name": "../../../../etc/passwd.txt",
  "path": "/app/workspace/input/test_1/anyfile.txt",
  ...
}

Impact

This vulnerability allows attackers to:

  • Overwrite arbitrary files on the filesystem
  • Bypass application logic and controls
  • Escalate privileges or disrupt service if critical files are overwritten