PT-2025-16308 · Laravel+4

Published: 2025-04-15 · Updated: 2025-04-15 · CVE-2025-3579

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Aidex versions prior to 1.7

Description: The issue allows an authenticated malicious user to execute unauthorized commands within the system by exploiting an open registry. This can include executing operating system commands, interacting with internal services such as PHP or MySQL, and invoking native functions of the framework in use, such as Laravel or Symfony. Execution is achieved through prompt injection attacks against the "/api//message" endpoint by manipulating the value of the content parameter.

Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the issue. As a temporary workaround, restrict access to the "/api//message" endpoint to minimize the risk of exploitation. Additionally, avoid using the content parameter of the affected API endpoint until the issue is resolved.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-3579

Affected Products

Aidex
Laravel
MySQL Server
PHP
Symfony