CVE-2025-51472

Exploit

EPSS 0.05%
Veröffentlicht 22.07.2025 00:00:00
Zuletzt bearbeitet 09.10.2025 16:09:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Superagi ≫ Superagi Version0.0.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://github.com/TransformerOptimus/SuperAGI

Product

https://github.com/TransformerOptimus/SuperAGI/pull/1461

Exploit

Issue Tracking

https://www.gecko.security/blog/cve-2025-51472

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-51472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-51472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-51472

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-51472