CVE-2025-8667

Name of the Vulnerable Software and Affected Versions SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2

Description A critical vulnerability exists in SkyworkAI DeepResearchAgent. The issue is an OS command injection within the from code, from dict, and from mcp functions of the src/tools/tools.py file. This allows for remote attacks. The exploit has been publicly disclosed. Continuous delivery with rolling releases is used, and no specific version details for affected or updated releases are available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.