Listen to this Post
How CVE-2025-2954 Works
The vulnerability in MannaAndPoem OpenManus (up to v2025.3.13) resides in app/tool/file_saver.py, specifically the `execute` function. Due to improper access controls, a local attacker can manipulate file operations without proper authorization checks. The flaw allows unauthorized read/write access to restricted files via crafted requests. Attackers must have local system access, limiting the attack surface but posing risks in multi-user environments. The CVSS 4.0 vector (AV:L/AC:L/PR:L/VI:L) confirms local exploitation with low attack complexity.
DailyCVE Form
Platform: MannaAndPoem OpenManus
Version: <= 2025.3.13
Vulnerability: Improper Access Control
Severity: Medium
Date: 04/15/2025
What Undercode Say:
Exploitation:
1. Exploit Code (Python):
import os
from app.tool.file_saver import execute
Bypass access control
execute("/etc/shadow", "r") Read restricted file
2. Manual Steps:
- Gain local shell access.
- Call `file_saver.py` with malicious paths.
Protection:
1. Patch: Upgrade to OpenManus > 2025.3.13.
2. Workaround: Restrict `file_saver.py` permissions:
chmod 750 /path/to/file_saver.py
3. Detection:
grep -r "execute(" /app/tool/ Find vulnerable calls
4. Mitigation Commands:
Audit file accesses auditctl -w /app/tool/file_saver.py -p war -k openmanus_cve
5. SELinux Policy:
Restrict module semanage permissive -d openmanus_file_saver
6. Log Monitoring:
tail -f /var/log/openmanus/access.log | grep "execute"
7. Network Controls:
iptables -A INPUT -j DROP -s 127.0.0.1 -p tcp --dport 5000 Block local API
8. Sandboxing:
Docker container docker run --read-only -v /safe/path:/app openmanus_patched
9. Vulnerability Scan:
nmap --script vuln -p 5000 127.0.0.1
10. Code Fix:
Patched execute() def execute(path, mode): if not is_authorized(path): raise PermissionError
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
