CVE-2025-12345
Published: 03 March 2026
Summary
CVE-2025-12345 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 46.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-12345 is a buffer overflow vulnerability affecting LLM-Claw versions 0.1.0, 0.1.1, 0.1.1a, and 0.1.1a-p1. The issue resides in the agent_deploy_init function within the file /agents/deploy/initiate.c of the Agent Deployment component. Manipulation of this function triggers the buffer overflow, as documented in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability was published on 2026-03-03 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
The vulnerability is remotely exploitable over the network with low complexity and no user interaction required, but it does necessitate low privileges (PR:L) for successful exploitation. An attacker with such access could manipulate the affected function to trigger the buffer overflow, potentially achieving high impacts on confidentiality, integrity, and availability. This could enable arbitrary code execution, data corruption, or denial of service on the targeted system.
Advisories, including those from VulDB (https://vuldb.com/?ctiid.348531 and https://vuldb.com/?id.348531), recommend applying a vendor-provided patch to remediate the issue.
LLM-Claw's focus on agent deployment suggests relevance to AI/ML environments, where autonomous agents powered by large language models may be deployed, potentially exposing infrastructure to this flaw in early versions. No real-world exploitation has been reported.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208226
Vulnerability details
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue.
- CWE(s)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: llm
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow vulnerability remotely exploitable with low privileges (PR:L), enabling arbitrary code execution for privilege escalation (T1068) and exploitation of remote services (T1210).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mandates timely identification, reporting, and remediation of software flaws like this buffer overflow via vendor patches.
Implements memory protection mechanisms such as stack guards, non-executable memory, and address space randomization to block buffer overflow exploitation.
Requires input validation at the agent_deploy_init function interface to restrict operations within memory buffer bounds and prevent overflow from manipulated data.