How severe is CVE-2025-2954?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2025-2954?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2025-2954 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2019-11893

MEDIUM

CVSS:5.5(Medium)

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining d...

CWE-2662019

CVE-2022-42825

MEDIUM

CVSS:5.5(Medium)

This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An a...

CWE-2662022

CVE-2024-13248

MEDIUM

CVSS:5.5(Medium)

Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0.

CWE-2662024

CVE-2025-2557

MEDIUM

CVSS:5.5(Medium)

A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to ...

CWE-2662025

CVE-2024-25633

MEDIUM

CVSS:5.4(Medium)

eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in vers...

CWE-2662024

CVE-2024-50702

MEDIUM

CVSS:5.4(Medium)

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

CWE-2662024