CVE-2025-1497
Published: 10 March 2025
Description
Adversaries may abuse Python commands and scripts for execution.
Security Summary
CVE-2025-1497, published on 2025-03-10, is a critical remote code execution (RCE) vulnerability (CVSS 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in PlotAI, an open-source library from MLJAR that asks an LLM to generate Python plotting code and then runs it. The library executes the code the model returns without validating it, so anyone who can influence the prompt, or the model's response, can have arbitrary Python run in the host process. The issue maps to CWE-94 (code injection) and CWE-77 (command injection).
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to achieve full RCE, compromising confidentiality, integrity, and availability with high impact on affected systems.
Advisories from cert.pl and the PlotAI GitHub repository detail that the vendor has commented out the vulnerable line (commit bdcfb13484f0b85703a4c1ddfd71cb21840e7fde), rendering the feature inactive. Further usage requires manually uncommenting the line and accepting the associated risk, as the vendor does not plan to release a patch.
This vulnerability underscores risks in AI/ML workflows dependent on unvalidated LLM outputs, with no reported real-world exploitation at the time of publication.
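The pattern described above, as an added example that is not PlotAI's code: a deliberately vulnerable `unsafe_run` that mirrors the exec-the-model-output flaw, beside a `guarded_run` that first walks the generated code's AST and rejects imports outside an allow-list, dangerous builtins, and dunder access. The three code samples, the `plt`/`df` namespace, the `RecordingPlot` stand-in for matplotlib, and the allow-list policy are all constructed for this example; none of these names come from the PlotAI repository.

```python
import ast

# Constructed samples of text an LLM might return for "plot y against x".
# `plt` and `df` are assumed to be injected into the execution namespace by
# the host (an assumption for this example; no matplotlib import is needed).
BENIGN_CODE = """
plt.plot(df["x"], df["y"])
plt.title("Sales")
"""

# Prompt-injected response: the same plot, plus a line that reaches the OS.
# (Kept harmless: it reads the working directory instead of running a command.)
HOSTILE_IMPORT = """
import os
exfil = {"cwd": os.getcwd(), "env_keys": list(os.environ)}
plt.plot(df["x"], df["y"])
"""

# Escape that needs no import at all: walk the object graph via dunders.
HOSTILE_DUNDER = """
plt.plot(df["x"], df["y"])
cls = ().__class__.__base__.__subclasses__()
"""

# Assumed policy for this example: what generated plotting code may import
# and which builtins give a way out of the interpreter or the process.
ALLOWED_MODULES = {"matplotlib", "matplotlib.pyplot", "pandas", "numpy"}
FORBIDDEN_CALLS = {"exec", "eval", "compile", "__import__", "open", "input",
                   "breakpoint", "getattr", "setattr", "delattr", "globals",
                   "locals", "vars"}


class RecordingPlot:
    """Stand-in for matplotlib.pyplot so the example runs offline; records
    which plotting functions the generated code called."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def record(*args, **kwargs):
            self.calls.append(name)
        return record


def make_env() -> dict:
    """Namespace handed to the generated code (constructed sample data)."""
    return {"df": {"x": [1, 2, 3], "y": [4, 5, 6]}, "plt": RecordingPlot()}


def unsafe_run(code: str, env: dict) -> None:
    """The pattern behind CVE-2025-1497: model output goes straight to exec(),
    so whatever the model was steered into emitting runs with the host's
    privileges."""
    exec(code, env)  # deliberately vulnerable


def find_violations(code: str) -> list:
    """Static allow-list check over the generated code's AST. Returns the
    reasons the code is rejected; an empty list means it passed."""
    problems = []
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name not in ALLOWED_MODULES:
                    problems.append(f"import of {alias.name!r} not allowed")
        elif isinstance(node, ast.ImportFrom):
            if node.module not in ALLOWED_MODULES:
                problems.append(f"import from {node.module!r} not allowed")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in FORBIDDEN_CALLS:
                problems.append(f"call to {func.id}() not allowed")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # __class__/__base__/__subclasses__/__globals__ are the usual
            # route out of a "restricted" namespace.
            problems.append(f"dunder attribute {node.attr!r} not allowed")
        elif isinstance(node, ast.Name) and node.id.startswith("__"):
            problems.append(f"dunder name {node.id!r} not allowed")
    return problems


def guarded_run(code: str, env: dict) -> list:
    """Execute only when the static check finds nothing; return the
    violations (empty when the code was actually run)."""
    problems = find_violations(code)
    if not problems:
        exec(code, env)
    return problems


if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_CODE), ("import", HOSTILE_IMPORT),
                          ("dunder", HOSTILE_DUNDER)]:
        print(label, guarded_run(sample, make_env()) or "executed")
```

The AST allow-list is defense in depth, not a sandbox: in-process Python cannot be made safe against untrusted code, and new bypasses of checks like this one keep appearing. The durable mitigations are to run model-generated code out of process with no network, no credentials and a throwaway filesystem, or to leave the feature disabled, which is what the vendor's commit does.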
Details
- CWE(s): CWE-94 (code injection), CWE-77 (command injection)
Affected Products
- PlotAI (MLJAR); the vendor disabled the feature rather than shipping a fixed version
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- MITRE ATLAS Techniques: None mapped
- Classification Reason: PlotAI is an AI software product from MLJAR that uses LLMs to generate Python plotting code and executes that code without validation, leading to RCE. It is classified under "Other Platforms" as an AI tool that leverages generative AI.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability (CVE-2025-1497) is a code/command injection flaw (CWE-94, CWE-77) that allows arbitrary Python code execution because LLM-generated output is run without validation; this directly maps to abuse of the Python interpreter, T1059.006 (Command and Scripting Interpreter: Python).