exploitDog

CVE-2025-51472

Опубликовано: 22 июл. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

Ссылки

https://github.com/TransformerOptimus/SuperAGI
Product
https://github.com/TransformerOptimus/SuperAGI/pull/1461
Exploit
Issue Tracking
https://www.gecko.security/blog/cve-2025-51472
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-72jx-rhg9-xgfw

CVSS3: 6.5

github

7 месяцев назад

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

EPSS

Процентиль: 14%

0.00045

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77