PT-2025-12695 · Mannaandpoem · Openmanus

S0L42

Published

2025-03-24

Updated

2025-03-25

CVE-2025-2733

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mannaandpoem OpenManus versions up to 2025.3.13

Description A critical issue has been discovered, affecting the Prompt Handler component, specifically the file app/tool/python execute.py. This issue leads to os command injection and can be initiated remotely. The exploit has been publicly disclosed.

Recommendations For mannaandpoem OpenManus versions up to 2025.3.13, as a temporary workaround, consider restricting access to the python execute.py file until a patch is available. Avoid using the python execute.py functionality in the Prompt Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2025-2733

Affected Products

Openmanus

PT-2025-12695 · Mannaandpoem · Openmanus

CVE-2025-2733

Weakness Enumeration

Related Identifiers

Affected Products

References · 9