CVE-2025-2954

LOW

mannaandpoem OpenManus <2025.3.13 - Improper Access Controls

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.302007

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.302007

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.521545

Broken Link exploit

https://magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41

Scores

CVSS v3 3.3

EPSS 0.0014

EPSS Percentile 3.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-284

Status published

Products (1)

mannaandpoem/openmanus < 2025.3.13

Published Mar 30, 2025

Tracked Since Feb 18, 2026