CVE-2025-0868 - Remote Code Execution in DocsGPT via /api/remote and Unsafe JSON Parsing

Summary:
A critical vulnerability (CVE-2025-0868) has been found in popular open-source documentation assistant DocsGPT, versions .8.1 through .12.. If you're running an affected version, attackers can remotely run Python code on your server due to unsafe use of eval() for parsing JSON in the /api/remote API endpoint.

Below we break down what happened, show the risky code, provide a simple exploit example, and give direct advice and references. Please patch your systems immediately.

What is DocsGPT?

DocsGPT is an AI-powered assistant that helps users find answers within documentation. It's widely used as a self-hosted tool in teams, organizations, and by developers.

About the Vulnerability

When you use DocsGPT's /api/remote endpoint, it expects to receive JSON-format data. However, in affected versions, the developer made a big mistake: instead of safely parsing the incoming data as JSON, they used the Python built-in function eval():

data = eval(request.data)

If you send a malicious payload, eval() will execute it directly, allowing remote code execution (RCE).

Impact:
Any attacker who can access this endpoint can run arbitrary Python code on your server, with the same permissions as the DocsGPT process.

Here's a simplified version of the vulnerable code

from flask import Flask, request

app = Flask(__name__)

@app.route('/api/remote', methods=['POST'])
def remote():
    # VULNERABLE: Using eval to parse incoming data
    data = eval(request.data)
    # Use data (not shown)
    return "OK"

Using eval() in this way is dangerous. Attackers just need to POST malicious data.

Let's see how an attacker would exploit this

POST /api/remote HTTP/1.1
Host: victim.com
Content-Type: application/json
Content-Length: 45

__import__('os').system('touch /tmp/hacked')

What happens:

Instead of regular JSON, the attacker sends a Python command.

- eval() executes it, touching a file /tmp/hacked on your server—proof of code execution.

With a little more creativity, the attacker could open reverse shells, steal environment secrets, or delete data!

How to Fix

Patch:

Upgrade DocsGPT to version .12.1 or later as soon as possible.

Manual mitigation:

Example

import json

@app.route('/api/remote', methods=['POST'])
def remote():
    data = json.loads(request.data)
    # Safely use 'data'

Additional advice:

Official advisory:

DocsGPT Security Advisory for CVE-2025-0868

DocsGPT repository:

https://github.com/arc53/DocsGPT

Common Python Security Gotchas:

https://realpython.com/python-security/

Summary Table

| Vulnerability | CVE-2025-0868 |
|---------------|---------------|
| Affected | DocsGPT .8.1 - .12. |
| Impact | Remote Code Execution (RCE) |
| Exploitable | Yes, via /api/remote endpoint |
| Fixed in | .12.1 |
| Attack Vector | Network (HTTP POST) |

Final Thoughts

If you're running DocsGPT, check your version and update immediately. This bug allows full server compromise by anyone who can reach your /api/remote endpoint. Never use eval() on user input, and keep your dependencies up to date!

For more details and updates, check the official DocsGPT advisory. Stay safe!

Timeline

Published on: 02/20/2025 12:15:10 UTC
Last modified on: 10/03/2025 09:15:36 UTC