CVE-2025-0868

CRITICAL EXPLOITED NUCLEI

DocsGPT 0.8.1-0.12.0 - Remote Code Execution via /api/remote Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-0868 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Shreyas Malhotra, iSee857, aidana-gift. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Remote Code Execution (RCE) vulnerability in DocsGPT versions 0.8.1 through 0.12.0. It sends a maliciously crafted POST request to the `/api/remote` endpoint, injecting a payload that executes arbitrary commands via Python's `__import__('os').system()` function.

Description

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Shreyas Malhotra · pythonwebappspython
https://www.exploit-db.com/exploits/52145

This exploit demonstrates a Remote Code Execution (RCE) vulnerability in DocsGPT versions 0.8.1 through 0.12.0. It sends a maliciously crafted POST request to the `/api/remote` endpoint, injecting a payload that executes arbitrary commands via Python's `__import__('os').system()` function.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DocsGPT 0.8.1 through 0.12.0
No auth needed
Prerequisites: Network access to the target's `/api/remote` endpoint · DocsGPT service running on the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/DocsGPT-CVE-2025-0868-RCE.py

The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) in OpenCode. The script sends a crafted JSON payload to the '/session' endpoint to obtain a session ID, then executes the 'id' command via the '/session/{id}/shell' endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenCode (version not specified)
No auth needed
Prerequisites: Network access to the target OpenCode instance
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC
by aidana-gift · remote
https://github.com/aidana-gift/CVE-2025-0868

This repository contains a functional Python exploit for CVE-2025-0868, an RCE vulnerability in DocsGPT versions 0.8.1 through 0.12.0. The exploit leverages unsafe `eval()` usage in the `/api/remote` endpoint to execute arbitrary Python code via crafted JSON input.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DocsGPT v0.8.1 - v0.12.0
No auth needed
Prerequisites: Network access to the target's `/api/remote` endpoint · DocsGPT version between 0.8.1 and 0.12.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

DocsGPT - Unauthenticated Remote Code Execution
CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch
FOFA: body="Welcome to DocsGPT"

References (3)

Core 3
Core References
Various Sources third-party-advisory
https://cert.pl/en/posts/2025/02/CVE-2025-0868/
Various Sources third-party-advisory
https://cert.pl/posts/2025/02/CVE-2025-0868/
Various Sources product
https://github.com/arc53/DocsGPT

Scores

CVSS v4 9.3
EPSS 0.1728
EPSS Percentile 95.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-06-08
CWE
CWE-95
Status published
Products (2)
Arc53/DocsGPT 0.8.1 - 0.12.0
npm/docsgpt 0.8.1npm
Published Feb 20, 2025
Tracked Since Feb 18, 2026