Description

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.

INFO

Published Date :

2025-12-10T23:18:56.545Z

Last Modified :

2025-12-11T17:22:08.701Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67511 vulnerability.

Vendors Products
Aliasrobotics
  • Cai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67511.

URL Resource
https://github.com/aliasrobotics/cai/commit/09ccb6e0baccf56c40e6cb429c698750843a999c cve-icon cve-icon
https://github.com/aliasrobotics/cai/security/advisories/GHSA-4c65-9gqf-4w8h cve-icon cve-icon
https://www.hacktivesecurity.com/blog/2025/12/10/cve-2025-67511-tricking-a-security-ai-agent-into-pwning-itself cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact