BUG_Author: s0l42

Affected Version: Openmanus ≤ 2025.3.13

Vendor: Openmanus GitHub Repository

Software: Openmanus

Vulnerability Files:

Tips: The LLM we use is deployed locally with LM Studio; it is a model distilled from a base model. This is not an LLM vulnerability but a vulnerability in OpenManus. For details, please see the Analysis section.

PoC:

Arbitrary File Write in Openmanus ≤ 2025.3.13: when a user asks OpenManus via a prompt to write a file to a target directory, it writes whatever the user typed, to whatever path the user named, without any check. The prompt is as follows:

write the string "pwned!" to the file D:\\\\testmanus\\test.txt, if the file or directory does not exist, create it, do not use tool python_execute, use file_saver, you need not to execute the code, just write the code to file. plz use English to answer.

If successful, the file test.txt is created and "pwned!" is written into it.


Analysis

The OpenManus log shows that it uses the tool file_saver to create the file and successfully writes the content we supplied into it.


From the code, we can see that OpenManus calls os.makedirs and file.write on the user-supplied path without any check, which causes the vulnerability: an attacker can write any content to any path on the host.
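The following is an added illustration, not OpenManus's own file_saver code: the unchecked makedirs-and-write pattern the report describes, beside a confined variant that resolves the requested path against an assumed workspace root and refuses absolute paths, ".." traversal and symlink escapes. The function names, the workspace root and the demo paths are all assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

def save_file_unchecked(file_path: str, content: str) -> str:
    """The pattern the report describes: create parents and write, with no check on where."""
    directory = os.path.dirname(file_path)
    if directory:
        os.makedirs(directory, exist_ok=True)
    with open(file_path, "w", encoding="utf-8") as f:
        f.write(content)
    return f"Content successfully saved to {file_path}"

def is_inside_workspace(file_path: str, workspace_root: str) -> bool:
    """True only if file_path, once resolved, still lies under workspace_root.

    An absolute file_path replaces the root when joined, and '..' segments and
    symlinks are collapsed by resolve(), so all three escape routes end up outside.
    """
    root = Path(workspace_root).resolve()
    candidate = (root / file_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return False
    return True

def save_file_confined(file_path: str, content: str, workspace_root: str) -> str:
    """Hardened variant: refuse any target that leaves the workspace (assumed root)."""
    if not is_inside_workspace(file_path, workspace_root):
        raise PermissionError(f"refusing to write outside workspace: {file_path!r}")
    target = (Path(workspace_root).resolve() / file_path).resolve()
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return f"Content successfully saved to {target}"

def demo() -> dict:
    """Exercise both outcomes in a throwaway workspace and report what happened."""
    root = tempfile.mkdtemp()  # constructed scratch workspace for the demo
    save_file_confined("notes/test.txt", "pwned!", root)
    try:
        save_file_confined("../../escape.txt", "pwned!", root)
        escape_blocked = False
    except PermissionError:
        escape_blocked = True
    written = (Path(root) / "notes" / "test.txt").read_text(encoding="utf-8")
    return {"written": written, "escape_blocked": escape_blocked}

if __name__ == "__main__":
    print(demo())
```

The same check should run inside the tool itself, not in the prompt: the model's instructions are attacker-controlled input, so the path boundary has to be enforced in code.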
