CVE-2025-67511

CRITICAL

CAI Framework <= 0.5.9 - Command Injection via run_ssh_command_with_credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-67511. PoCs published by edoardottt.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2025-67511, demonstrated through PNG files that likely encode malicious payloads or exploit vectors. The presence of multiple PoC images suggests a visual or image-based attack vector, possibly targeting image processing libraries or applications.

Description

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to command injection through the run_ssh_command_with_credentials() function, which is exposed as a tool to AI agents. Only the password and command inputs to run_ssh_command_with_credentials are escaped to prevent shell injection; the username, host and port values are not escaped and are injectable. This issue does not have a fix at the time of publication.

Exploits (1)

nomisec · Working PoC · 2 stars
by edoardottt · poc
https://github.com/edoardottt/CVE-2025-67511

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: unknown (likely image processing software)
Authentication: none needed
Prerequisites: vulnerable image processing software · ability to deliver crafted PNG files
Analyzed by devstral-2 on Jun 14, 2026

Scores

CVSS v3: 9.6
EPSS: 0.0152
EPSS Percentile: 71.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-77
Status: published
Products (3):
aliasrobotics/cai <= 0.5.9
aliasrobotics/cybersecurity_ai < 0.5.9
pypi/cai-framework (PyPI)
Published: Dec 11, 2025
Tracked Since: Feb 18, 2026