CVE-2025-1497
Published: 10 March 2025
Summary
CVE-2025-1497 is a critical-severity Code Injection (CWE-94) vulnerability in Mljar Plotai. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006). The CVE is ranked in the top 9.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as LLM Application Platforms, in the LLM/Generative AI Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-1497 is a remote code execution vulnerability in PlotAI stemming from insufficient validation of output produced by large language models, which permits an attacker to execute arbitrary Python code. The affected component is the PlotAI application hosted in the mljar/plotai GitHub repository and is tracked under CWE-94 and CWE-77.
An unauthenticated attacker can exploit the flaw over the network with low complexity and no user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target system. The CVSS 4.0 score of 9.3 reflects this critical impact.
Advisories published by CERT.pl note that the vendor has commented out the vulnerable code path and has no plans to issue a patch; continued use of the software requires users to re-enable the line and accept the risk. The associated GitHub commit shows the specific line that was disabled.
The EPSS score has remained flat at 0.0557 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7402
- 🇵🇱 CERT-PL: cert.pl
Vulnerability details
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.
- CWE(s)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- Classification Reason: Matched keywords: llm
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability (CVE-2025-1497) is a command injection (CWE-77) flaw allowing arbitrary Python code execution due to unvalidated LLM-generated output, directly facilitating abuse of the Python interpreter (T1059.006).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of LLM-generated output prior to execution as Python code, preventing arbitrary code injection.
Restricts unnecessary functionality by disabling or avoiding use of the vulnerable LLM output execution feature, matching the vendor's commented-out line workaround.
Mandates timely flaw remediation through workarounds, custom validation, or feature avoidance in the absence of a vendor patch.
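One way to validate LLM-generated output before it is executed as Python, as the input-validation control above calls for. This is an added example, not PlotAI's code: the names `violations` and `run_generated`, the import allowlist and the two sample responses are assumptions made for illustration.

```python
import ast

# Assumption: generated plotting code only needs these top-level modules.
ALLOWED_IMPORTS = {"matplotlib", "pandas", "numpy"}
# Builtins that reach the interpreter, the filesystem or object internals.
BLOCKED_NAMES = {"exec", "eval", "compile", "open", "getattr", "setattr",
                 "delattr", "globals", "locals", "vars", "input", "breakpoint"}


def violations(code: str) -> list[str]:
    """Return the reasons `code` must not run; an empty list means it passed."""
    try:
        tree = ast.parse(code)
    except (SyntaxError, ValueError) as exc:
        return [f"unparseable: {exc}"]
    found = []
    for node in ast.walk(tree):
        mods = []
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Relative imports have no allowlisted root, so they are rejected.
            mods = [node.module if node.module and node.level == 0 else "<relative>"]
        for mod in mods:
            if mod.split(".")[0] not in ALLOWED_IMPORTS:
                found.append(f"line {node.lineno}: import of {mod}")
        if isinstance(node, ast.Name) and (
                node.id in BLOCKED_NAMES or node.id.startswith("__")):
            found.append(f"line {node.lineno}: use of {node.id}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.append(f"line {node.lineno}: attribute {node.attr}")
    return found


def run_generated(code: str, namespace: dict) -> None:
    """Execute model output only when the static check found nothing."""
    problems = violations(code)
    if problems:
        raise PermissionError("; ".join(problems))
    exec(compile(code, "<llm-output>", "exec"), namespace)


# Constructed samples standing in for model responses.
BENIGN = "import matplotlib.pyplot as plt\nplt.plot(x, y)\n"
HOSTILE = "import os\nos.system('id')\n"
```

A static allowlist like this narrows what generated code can do but is not a sandbox. Pair it with the least-functionality control by running the executor in an isolated, low-privilege process, or by leaving the execution path disabled.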