PT-2025-30457 · Unknown · Transformeroptimus/Superagi
Geckosecurity · Published 2025-07-22 · Updated 2025-07-22 · CVE-2025-51472
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: TransformerOptimus SuperAGI version 0.0.14

Description: A code injection issue exists in AgentTemplate.eval agent config within TransformerOptimus SuperAGI version 0.0.14. This allows remote attackers to execute arbitrary Python code by providing malicious values in agent template configurations, specifically within the goal, constraints, or instruction fields. The eval() function is used without validation during template loading or updates, enabling the execution of injected code.

Recommendations: Update to a newer version of TransformerOptimus SuperAGI that addresses this issue. As a temporary workaround, avoid using untrusted or user-supplied input for the goal, constraints, or instruction fields in agent template configurations.
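As an added illustration (not SuperAGI's own code), the following shows a hypothetical eval_agent_config that passes the goal, constraints and instruction fields straight to eval(), as the advisory describes, beside a hardened variant that accepts only literal lists of strings via ast.literal_eval. The function names and the sample templates are constructed for this example.

```python
import ast
from typing import Any, Dict, List

# Fields the advisory names as reaching eval() during template load/update.
LIST_FIELDS = ("goal", "constraints", "instruction")


def eval_agent_config_vulnerable(config: Dict[str, Any]) -> Dict[str, Any]:
    """Hypothetical reconstruction of the vulnerable pattern: every string
    stored in the listed fields is handed to eval() without validation."""
    out = dict(config)
    for key in LIST_FIELDS:
        if isinstance(out.get(key), str):
            out[key] = eval(out[key])  # any expression in the field is executed
    return out


def _literal_string_list(value: Any, key: str) -> List[str]:
    """Parse a stored value as a Python literal and require a list of strings."""
    if isinstance(value, str):
        try:
            # literal_eval accepts only literals: no calls, names or attributes
            value = ast.literal_eval(value)
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"{key}: value is not a literal") from exc
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError(f"{key}: expected a list of strings")
    return value


def eval_agent_config_hardened(config: Dict[str, Any]) -> Dict[str, Any]:
    """Hardened variant: fields are parsed as literals and type-checked."""
    out = dict(config)
    for key in LIST_FIELDS:
        if key in out:
            out[key] = _literal_string_list(out[key], key)
    return out


# Constructed sample templates (stored the way a list field would be serialised).
SAFE_TEMPLATE = {
    "goal": "['Summarize the report']",
    "constraints": "['Be concise']",
    "instruction": "[]",
}
# A benign function call stands in for any non-literal expression in a field.
TAINTED_TEMPLATE = {"goal": "[str(len('abc'))]", "constraints": "[]", "instruction": "[]"}
```

Running both functions over the two templates shows the difference: the vulnerable path evaluates the call and returns ['3'] for the tainted goal, while the hardened path raises ValueError and leaves the safe template's lists intact.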


Weakness Enumeration: Command Injection

Related Identifiers: CVE-2025-51472

Affected Products: Transformeroptimus/Superagi