CVE-2025-67511
published 2025-12-11

Priority: P2 65
CVSS 3.1: 9.6 (critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 1.80% (75.7th percentile)

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to command injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only the password and command inputs are escaped in run_ssh_command_with_credentials() to prevent shell injection, while the username, host and port values are injectable. This issue does not have a fix at the time of publication.
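
One way to close the gap described above, as an added example that is not code from CAI or from this page: validate username, host and port against strict allow-lists and hand ssh an argv list instead of a shell string. The function name build_ssh_argv and the allow-list patterns are assumptions chosen for illustration.

```python
import re

# Hypothetical allow-lists (assumptions, not taken from CAI); tune per environment.
_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# One DNS label or IPv4 octet: no leading or trailing hyphen, no metacharacters.
_HOST_LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_PORT_RE = re.compile(r"[0-9]{1,5}")


def _valid_host(host: str) -> bool:
    # Accepts DNS names and dotted IPv4. IPv6 literals are deliberately
    # not accepted here to keep the allow-list small.
    if not 0 < len(host) <= 253:
        return False
    return all(_HOST_LABEL_RE.fullmatch(label) for label in host.split("."))


def build_ssh_argv(username: str, host: str, port, command: str) -> list[str]:
    """Return an argv list for ssh; raise ValueError on unsafe connection fields."""
    if not _USER_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    if not _valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    if not _PORT_RE.fullmatch(str(port)) or not 1 <= int(port) <= 65535:
        raise ValueError(f"rejected port: {port!r}")
    # "--" ends ssh option parsing, so the destination can never be read as a flag.
    # The list is meant for subprocess.run(argv, shell=False): no local shell
    # ever parses username, host or port. The remote side still interprets
    # `command` with the login shell, which is the intended behaviour.
    return ["ssh", "-p", str(int(port)), "--", f"{username}@{host}", command]


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate, the rest carrying metacharacters
    # or option-like values in the fields the advisory names.
    samples = [
        ("root", "10.0.0.5", 22),
        ("root;id", "10.0.0.5", 22),
        ("root", "example.com;id", 22),
        ("root", "-oProxyCommand=x", 22),
        ("root", "10.0.0.5", "22;id"),
    ]
    for user, host, port in samples:
        try:
            print("ok      ", build_ssh_argv(user, host, port, "uname -a"))
        except ValueError as exc:
            print("rejected", exc)
```

Password handling is left out of this sketch; the advisory states that the password and command inputs were already escaped.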

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aliasrobotics | cai | <= 0.5.9 | |
| aliasrobotics | cybersecurity_ai | <= 0.5.9 | |