PT-2025-50557 · Unknown · Cybersecurity Ai

Published: 2025-12-10 · Updated: 2025-12-12 · CVE-2025-67511

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cybersecurity AI (CAI) versions 0.5.9 and below

Description

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. The run_ssh_command_with_credentials() function, accessible to AI agents, is susceptible to Command Injection. While the password and command inputs are escaped to prevent shell injection, the username, host, and port values are injectable. This flaw allows attackers to manipulate backend routing logic by crafting malicious parameters, potentially gaining control over the system without authentication.

Recommendations

Versions 0.5.9 and below: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
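
The pattern from the description, shown beside a hardened form, as an added example that is not CAI's code and not part of the advisory. The function names, the sshpass/ssh command layout and the validation rules are assumptions made for illustration; the host value in the usage is constructed.

```python
import re
import shlex

# Assumed validation rules for this example; IPv6 literals are deliberately not accepted.
_USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]{0,31}")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"(?=.{{1,253}}\Z){_LABEL}(?:\.{_LABEL})*")
_PORT_RE = re.compile(r"[0-9]{1,5}")


def build_weak(host, username, password, command, port=22):
    """Hypothetical 'before': password and command are quoted, but
    username, host and port reach the shell string unescaped."""
    return (f"sshpass -p {shlex.quote(password)} ssh {username}@{host} "
            f"-p {port} {shlex.quote(command)}")


def build_hardened(host, username, password, command, port=22):
    """Hypothetical 'after': validate every field, then return (argv, env)
    suitable for subprocess.run(argv, env=..., shell=False)."""
    # Both patterns require an alphanumeric/underscore first character, so a
    # value can never start with '-' and be parsed by ssh as an option.
    if not isinstance(username, str) or not _USER_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not isinstance(host, str) or not _HOST_RE.fullmatch(host):
        raise ValueError("invalid host")
    if not _PORT_RE.fullmatch(str(port)) or not 1 <= int(port) <= 65535:
        raise ValueError("invalid port")
    # '--' ends ssh option parsing before the host argument.
    # 'sshpass -e' reads the password from SSHPASS, keeping it out of argv.
    argv = ["sshpass", "-e", "ssh", "-p", str(int(port)), "-l", username,
            "--", host, command]
    return argv, {"SSHPASS": password}


if __name__ == "__main__":
    bad_host = "host.example; echo INJECTED"  # constructed sample value
    print(build_weak(bad_host, "alice", "p;w", "uptime"))
    try:
        build_hardened(bad_host, "alice", "p;w", "uptime")
    except ValueError as exc:
        print("rejected:", exc)
```

Because the hardened form never builds a shell string, no field is interpreted by a local shell, and the allow-lists additionally stop values that ssh itself would treat as options.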

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-67511
GHSA-4C65-9GQF-4W8H

Affected Products

Cybersecurity Ai