cvedb.io
CVE-2025-67511
CRITICAL · CVSS 9.6
EPSS exploitation probability: 0%
Published 2025-12-11T00:16:22.907 · Last modified 2026-06-17T09:57:46.037

Summary

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.

Affected products

aliasrobotics — cybersecurity_ai

Does this affect you?

Add your gear to cvedb and we'll alert you only when aliasrobotics ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.