CVE-2025-51482
published 2025-07-22

CVE-2025-51482: Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary…

Priority: P1 80 high
CVSS 3.1: 8.8 (AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
Tags: ITW, exploit, VulnCheck KEV, initial access
Exploited in the wild: yes
EPSS: 1.86% (76.6th percentile)
Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions.

Affected (1 range)

Vendor   Product   Version range   Fixed in
letta    letta     -               -

Detection & IOCs (extracted from sources)

url: POST /v1/tools/run
path: /v1/tools/run
version: letta 0.7.12
  • Monitor HTTP POST requests to /v1/tools/run whose 'source_code' field contains Python import statements (e.g. 'import os', 'import subprocess') or OS command execution patterns (os.system, subprocess.*); these indicate sandbox bypass attempts.
  • Detect POST /v1/tools/run requests with Content-Type: application/json whose JSON body contains a 'source_code' key; this is the attack vector for CVE-2025-51482 RCE.
  • Use the FOFA query 'title="Letta"' to identify exposed Letta instances potentially vulnerable to CVE-2025-51482.
  • A successful exploitation response returns HTTP 200 with Content-Type: application/json and a body containing the key 'tool_return'. Because that is also the shape of a normal tool run, confirm RCE from the content of 'tool_return' (the output of the injected command) rather than from the status code alone.
  • The vulnerability is unauthenticated (PR:N): no credentials are required to reach the /v1/tools/run endpoint in the affected version, so any network-accessible Letta 0.7.12 instance is at risk.
  • The sandbox bypass is achieved by supplying arbitrary Python source code in the 'source_code' field of the JSON body; the intended sandbox restrictions in letta.server.rest_api.routers.v1.tools.run_tool_from_source are insufficient to contain it.
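As an added example (not code from this page, the advisory sources, or the Letta project), the detection bullets above turned into a request classifier and a response check, run over constructed request and response records. The endpoint, the Content-Type, the 'source_code' key and the 'tool_return' key are taken from the bullets; the extra module names in the import regex, the call-pattern regex, the sample payloads and the function names are assumptions made for this example.

```python
import json
import re
from typing import Optional

# Import statements the advisory names (os, subprocess) plus a few more
# modules that give the same reach. The extension is an assumption.
SUSPICIOUS_IMPORT = re.compile(
    r"^\s*(?:import\s+(?:os|subprocess|sys|ctypes|socket)\b"
    r"|from\s+(?:os|subprocess|sys|ctypes|socket)\b\s+import)",
    re.MULTILINE,
)
# OS command execution patterns, plus dynamic-import/eval primitives
# commonly used to hide the import itself. Also an assumption.
SUSPICIOUS_CALL = re.compile(
    r"\b(?:os\.system|os\.popen|subprocess\.(?:run|Popen|call|check_output)"
    r"|__import__|eval|exec)\s*\("
)

TOOL_RUN = "tool_run"            # a run_tool_from_source request without bypass markers
BYPASS_ATTEMPT = "bypass_attempt"  # source_code carries import/command-execution patterns


def _header(headers: dict, name: str) -> str:
    """Case-insensitive header lookup."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def classify_request(method: str, path: str, headers: dict, body: str) -> Optional[str]:
    """Return TOOL_RUN, BYPASS_ATTEMPT, or None for traffic not hitting the endpoint."""
    if method.upper() != "POST" or path.split("?", 1)[0] != "/v1/tools/run":
        return None
    if not _header(headers, "Content-Type").lower().startswith("application/json"):
        return None
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return None
    if not isinstance(data, dict) or "source_code" not in data:
        return None
    src = data["source_code"]
    if isinstance(src, str) and (SUSPICIOUS_IMPORT.search(src) or SUSPICIOUS_CALL.search(src)):
        return BYPASS_ATTEMPT
    return TOOL_RUN


def confirms_execution(status: int, headers: dict, body: str) -> bool:
    """True when the response has the shape the advisory describes for a successful run."""
    if status != 200 or not _header(headers, "Content-Type").lower().startswith("application/json"):
        return False
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return False
    return isinstance(data, dict) and "tool_return" in data


# Constructed sample traffic (not captured from a real instance).
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/v1/tools/run",
     "headers": {"Content-Type": "application/json"},
     "body": json.dumps({"source_code": "def add(a, b):\n    return a + b",
                         "args": {"a": 1, "b": 2}})},
    {"method": "POST", "path": "/v1/tools/run",
     "headers": {"content-type": "application/json; charset=utf-8"},
     "body": json.dumps({"source_code": "import subprocess\n"
                                        "def run():\n"
                                        "    return subprocess.check_output(['id']).decode()"})},
    {"method": "GET", "path": "/v1/agents", "headers": {}, "body": ""},
]


def scan(records: list) -> list:
    """Classify every record; a SIEM rule would alert on BYPASS_ATTEMPT."""
    return [classify_request(r["method"], r["path"], r["headers"], r["body"]) for r in records]


if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print(rec["method"], rec["path"], "->", verdict)
```

The pattern lists are a starting point, not a boundary: a payload can reach `os` through `__import__`, `importlib`, base64-decoded strings or a helper module, so on an exposed 0.7.12 instance the decisive signal is any unauthenticated request carrying `source_code` at all, with the regexes only ranking which ones to look at first.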

CVSS provenance

nvd: v3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck: 8.8 HIGH