CVE-2025-67511
BaseFortify
Publication date: 2025-12-11
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aliasrobotics | cybersecurity_ai | up to and including 0.5.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized command execution on the host running the CAI framework, potentially leading to data compromise and system control. Such unauthorized access and data breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. Therefore, the vulnerability poses a significant risk to compliance with these regulations. [2]
Can you explain this vulnerability to me?
This vulnerability is a Command Injection flaw in Cybersecurity AI (CAI) versions 0.5.9 and below. It occurs in the run_ssh_command_with_credentials() function, which is accessible to AI agents. While the function escapes password and command inputs to prevent shell injection, it does not properly escape the username, host, and port values, making them injectable and allowing an attacker to execute arbitrary commands.
How can this vulnerability impact me?
The impact can be severe: an attacker can execute arbitrary commands remotely without privileges, potentially leading to full system compromise. The CVSS score indicates high severity with impacts on confidentiality, integrity, and availability, meaning sensitive data could be exposed or altered, and system operations disrupted.
What immediate steps should I take to mitigate this vulnerability?
Since there is no fix available at the time of publication, immediate mitigation steps include restricting access to the run_ssh_command_with_credentials() function to trusted users only, avoiding use of untrusted input for username, host, and port parameters, and monitoring for suspicious activity involving these parameters. Additionally, consider isolating or limiting AI agents' capabilities to execute commands via SSH until a patch is released.
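One way to apply the input restriction described above, as an added example (not CAI's code and not taken from the advisory): `legacy_cmdline` reconstructs the flawed shape from the description on this page, and `build_ssh_argv` validates username, host and port before returning an argv list that is executed without a shell. The function names, the allow-list patterns, and the use of `sshpass -p` / `sshpass -e` are assumptions.

```python
import re
import shlex

# Allow-lists are assumptions: POSIX-style login names, DNS names or IPv4 literals.
USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]{0,31}")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
PORT_RE = re.compile(r"[0-9]{1,5}")


def legacy_cmdline(username, host, port, command, password):
    """Flawed shape per the advisory text: only password and command are quoted."""
    return (f"sshpass -p {shlex.quote(password)} ssh {username}@{host} "
            f"-p {port} {shlex.quote(command)}")


def build_ssh_argv(username, host, port, command):
    """Validate every field, then return an argv list for shell=False execution."""
    if not isinstance(username, str) or not USER_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    if (not isinstance(host, str) or len(host) > 253
            or not all(LABEL_RE.fullmatch(p) for p in host.split("."))):
        raise ValueError(f"rejected host: {host!r}")
    if not PORT_RE.fullmatch(str(port)) or not 1 <= int(port) <= 65535:
        raise ValueError(f"rejected port: {port!r}")
    # No local shell parses this list, so the fields cannot become extra commands.
    # The password is expected in the SSHPASS environment variable (sshpass -e).
    return ["sshpass", "-e", "ssh", "-p", str(int(port)),
            f"{username}@{host}", command]


def is_rejected(**fields):
    """Helper for audits and tests: True when build_ssh_argv refuses the input."""
    try:
        build_ssh_argv(**fields)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs; the username is the benign probe quoted on this page.
    probe = "test; echo vulnerable > /tmp/testfile"
    print(legacy_cmdline(probe, "10.0.0.5", 22, "id", "pw"))
    print(is_rejected(username=probe, host="10.0.0.5", port=22, command="id"))
    print(build_ssh_argv("analyst", "10.0.0.5", "22", "id"))
```

The `command` argument is still interpreted by the remote shell, which is the function's purpose; the validation here only keeps the connection parameters from reaching a local shell.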
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for usage of the vulnerable function run_ssh_command_with_credentials() in versions 0.5.9 and below of the Cybersecurity AI (CAI) framework. Specifically, look for SSH commands constructed with unsanitized username, host, or port parameters that could allow command injection.

A practical detection method is to monitor or audit command executions or logs for suspicious SSH commands where the username, host, or port fields contain shell metacharacters or unexpected command sequences.

Since the vulnerability involves injection via these parameters, you can attempt to test the system by injecting benign commands in these fields and observing if they get executed. For example, you might try running a command that uses the vulnerable function with a username containing a harmless injected command such as: `username='test; echo vulnerable > /tmp/testfile'` and then check if the file `/tmp/testfile` is created on the host running the CAI framework.

However, no specific detection commands are provided in the resources. Therefore, detection involves manual or scripted inspection of the CAI framework usage and logs for suspicious SSH command constructions involving unescaped username, host, or port inputs. [2]