Key Information

CVE ID: CVE-2025-56427
Product: Composio
Version: v0.6.10 (Commit 9be17a8), master branch
Problem Type: Remote DoS

Description

The server code in the Composio master branch exposes a GET endpoint at /api/download that is intended to serve files from the server. The endpoint takes a file query parameter that specifies the path of the requested file. The Path(file) operation does not sanitize the user-provided file path. An attacker can use path traversal sequences (e.g., ../) or an absolute path to navigate outside of the intended directory and access any file on the server's filesystem that the application has read permission for.

Proof of Concept

Victim setup: run the Composio server on localhost:8000.

Attack steps: GET 127.0.0.1:8000/api/download?file=../../../../../etc/ssh/ssh_host_rsa_key

The attacker can then read the sensitive file in the returned HTML.

Impact

A malicious user could abuse this vulnerability to read any file on the victim server, such as SSH keys, confidential information, internal configuration and other sensitive files.

Occurrences

api.py L278
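The root cause above is that the file parameter is passed to Path(file) without being confined to a base directory. As an added example (not Composio's code), the function below shows the check such a download handler needs: it refuses absolute paths, resolves the joined path and verifies that it is still inside the serving directory. The DOWNLOAD_ROOT path and the function name are assumptions for illustration.

```python
from pathlib import Path
from typing import Optional

# Constructed example: the directory the download endpoint is meant to serve.
# The real handler's base directory is not shown in the advisory.
DOWNLOAD_ROOT = Path("/srv/composio/downloads")


def resolve_download_path(user_file: str, root: Path = DOWNLOAD_ROOT) -> Optional[Path]:
    """Map the untrusted `file` query parameter onto a path inside `root`.

    Returns the resolved path when it stays within `root`, otherwise None.
    This rejects '..' traversal, absolute paths and symlink escapes, which
    a bare Path(file) does not.
    """
    if not user_file or "\x00" in user_file:
        return None

    root = root.resolve()

    # Joining an absolute path onto root silently discards root:
    # Path("/srv") / "/etc/passwd" == Path("/etc/passwd"). Refuse it outright.
    if Path(user_file).is_absolute():
        return None

    # resolve() collapses '..' components and follows symlinks (strict=False,
    # so the target need not exist yet); the containment check runs on the result.
    candidate = (root / user_file).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        # Resolved path left the serving directory: traversal attempt.
        return None
    return candidate


if __name__ == "__main__":
    # The advisory's PoC value is rejected; an ordinary filename is allowed.
    for requested in ("report.txt", "../../../../../etc/ssh/ssh_host_rsa_key", "/etc/passwd"):
        print(repr(requested), "->", resolve_download_path(requested))
```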