CVE-2025-6193

Name of the Vulnerable Software and Affected Versions: TrustyAI Explainability toolkit (affected versions not specified)

Description: A command injection issue was discovered in the TrustyAI Explainability toolkit. This issue allows arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) to be executed in the LMEvalJob pod's terminal. The issue can be exploited by a user with permissions to deploy a CR via a maliciously crafted LMEvalJob.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.