CVE-2025-67511
published 2025-12-11CVE-2025-67511: Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are…
PriorityP265critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
EPSS
1.80%
75.7th percentile
Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aliasrobotics | cai | <= 0.5.9 | — |
| aliasrobotics | cybersecurity_ai | <= 0.5.9 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
osv·2025-12-09
CVE-2025-67511 [CRITICAL] Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
### Summary
A command injection vulnerability is present in the function tool `run_ssh_command_with_credentials()` available to AI agents.
### Details
This is the source code of the function tool `run_ssh_command_with_credentials()` ([code](https://github.com/aliasrobotics/cai/blob/0.5.9/src/cai/tools/command_and_control/sshpass.py#L20)):
```python
@function_tool
def run_ssh_command_with_credentials(
host: str,
username: str,
password: str,
command: str,
port: int = 22) -> str:
"""
Execute a command on a remote host via SSH using password authentication.
Args:
host: Remote host address
username: SSH username
password: SSH password
command: Command to execute on remote host
port: SSH
GHSA
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
ghsa·2025-12-09
CVE-2025-67511 [CRITICAL] CWE-77 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
### Summary
A command injection vulnerability is present in the function tool `run_ssh_command_with_credentials()` available to AI agents.
### Details
This is the source code of the function tool `run_ssh_command_with_credentials()` ([code](https://github.com/aliasrobotics/cai/blob/0.5.9/src/cai/tools/command_and_control/sshpass.py#L20)):
```python
@function_tool
def run_ssh_command_with_credentials(
host: str,
username: str,
password: str,
command: str,
port: int = 22) -> str:
"""
Execute a command on a remote host via SSH using password authentication.
Args:
host: Remote host address
username: SSH username
password: SSH password
command: Command to execute on remote host
port: SSH
No detection rules found.
No public exploits indexed.
2025-12-11
Published