CVE-2025-51472
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-10-09
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| superagi | superagi | 0.0.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a code injection flaw in the AgentTemplate.eval_agent_config function of TransformerOptimus SuperAGI 0.0.14. It allows remote attackers to execute arbitrary Python code by supplying malicious values in agent template configuration fields such as goal, constraints, or instruction. These fields are evaluated using Python's eval() function without proper validation during template loading or updates, enabling the execution of harmful code.
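A minimal illustration of the pattern described in the answer above (template fields handed straight to eval() on load or update), beside a hardened replacement that parses the same fields as data. This is an added example written for this page, not SuperAGI's own code: the function names eval_agent_config_vulnerable and eval_agent_config_hardened, the sample template, the payload string, and the assumption that goal, constraints and instruction are stored as Python-literal list strings are all constructed here.

```python
import ast

# Constructed sample record, not taken from SuperAGI. Assumption: the three
# list-valued template fields arrive as strings holding Python list literals.
LIST_FIELDS = ("goal", "constraints", "instruction")
SAMPLE_TEMPLATE = {
    "goal": "['Summarize the daily report']",
    "constraints": "['Stay under 500 words']",
    "instruction": "['Use bullet points']",
}

# Constructed payload: a list expression whose only element is a function
# call. eval() executes the call; ast.literal_eval() refuses it. os.getpid()
# is used only so the effect is observable without touching anything.
PAYLOAD = "[__import__('os').getpid()]"


def eval_agent_config_vulnerable(key, value):
    """CWE-77 pattern: the raw field string is handed to eval() unchanged."""
    if key in LIST_FIELDS:
        return eval(value)  # evaluates arbitrary Python expressions
    return value


def eval_agent_config_hardened(key, value):
    """Parse the same fields as literals only and enforce the expected shape."""
    if key not in LIST_FIELDS:
        return value
    try:
        # literal_eval accepts literals only: no names, calls or attribute access
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"{key}: not a Python literal") from exc
    if not isinstance(parsed, list) or not all(isinstance(item, str) for item in parsed):
        raise ValueError(f"{key}: expected a list of strings")
    return parsed


def load_template(template, evaluator):
    """Apply an evaluator to every field, as a template load/update path would."""
    return {key: evaluator(key, value) for key, value in template.items()}


def is_rejected(evaluator, key, value):
    """True if the evaluator refuses the value with ValueError."""
    try:
        evaluator(key, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(load_template(SAMPLE_TEMPLATE, eval_agent_config_hardened))
    print(eval_agent_config_vulnerable("goal", PAYLOAD))             # the call ran
    print(is_rejected(eval_agent_config_hardened, "goal", PAYLOAD))  # True
```

Both evaluators give identical results for the well-formed template; the difference only shows on the payload, which the vulnerable path executes and the hardened path rejects before anything is persisted. Serialising these fields as JSON and validating with json.loads would be an equally sound alternative to ast.literal_eval, as long as the type check on the parsed value stays.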
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary Python code remotely on the affected system. This can lead to unauthorized access, data theft, system compromise, or disruption of services depending on the privileges of the executed code.