Cyber Resilience

CVE-2025-1497

CriticalRCE

Published: 10 March 2025

Published
10 March 2025
Modified
03 October 2025
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0557 90.5th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1497 is a critical-severity Code Injection (CWE-94) vulnerability in Mljar Plotai. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked in the top 9.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1497 is a remote code execution vulnerability in PlotAI stemming from insufficient validation of output produced by large language models, which permits an attacker to execute arbitrary Python code. The affected component is the PlotAI application hosted in the mljar/plotai GitHub repository and is tracked under CWE-94 and CWE-77.

An unauthenticated attacker can exploit the flaw over the network with low complexity and no user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target system. The CVSS 4.0 score of 9.3 reflects this critical impact.

Advisories published by CERT.pl note that the vendor has commented out the vulnerable code path and has no plans to issue a patch; continued use of the software requires users to re-enable the line and accept the risk. The associated GitHub commit shows the specific line that was disabled.

The EPSS score has remained flat at 0.0557 with no material increase since disclosure.

EU & UK References

Vulnerability details

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting…

more

it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
LLM01:2025 Prompt Injection
Classification Reason
Matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

The vulnerability (CVE-2025-1497) is a command injection (CWE-77) flaw allowing arbitrary Python code execution due to unvalidated LLM-generated output, directly facilitating abuse of the Python interpreter (T1059.006).

CVEs Like This One

CVE-2026-22807Shared CWE-94
CVE-2026-31236Shared CWE-94
CVE-2025-69872Shared CWE-94
CVE-2026-31217Shared CWE-94
CVE-2026-0863Shared CWE-94
CVE-2026-33233Shared CWE-94
CVE-2026-45311Shared CWE-94
CVE-2023-49565Shared CWE-77
CVE-2026-8838Shared CWE-94
CVE-2026-26216Shared CWE-94

Affected Assets

mljar
plotai
≤ 0.0.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of LLM-generated output prior to execution as Python code, preventing arbitrary code injection.

prevent

Restricts unnecessary functionality by disabling or avoiding use of the vulnerable LLM output execution feature, matching the vendor's commented-out line workaround.

preventrecover

Mandates timely flaw remediation through workarounds, custom validation, or feature avoidance in the absence of a vendor patch.

References