Security Advisory

CVE-2025-62356

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-17 15:36:12

Last updated 2025-10-17 15:48:52

Assigner HiddenLayer

State PUBLISHED

Description

A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection.

← Browse all CVEs View on cve.org ↗