PT-2025-21630 · Unknown · Defog-Ai Introspect
Ybdesire
·
Published
2025-05-16
·
Updated
2025-05-17
·
CVE-2025-4767
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
defog-ai introspect versions up to 0.1.4
Description:
A critical issue affects the function
test custom tool of the file introspect/backend/integration routes.py of the component Test Endpoint. The manipulation of the argument input model leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.Recommendations:
For defog-ai introspect versions up to 0.1.4, consider disabling the
test custom tool function until a patch is available.
Restrict access to the introspect/backend/integration routes.py file to minimize the risk of exploitation.
Avoid using the input model argument in the affected Test Endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Code Injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Defog-Ai Introspect