CVE-2025-31692
Published: 31 March 2025
Summary
CVE-2025-31692 is a high-severity OS Command Injection (CWE-78) vulnerability in Drupal Artificial Intelligence. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 39.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Other Platforms, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 directly prevents OS command injection by requiring validation and proper neutralization of special elements in user inputs before processing OS commands.
SI-2 mandates timely flaw remediation, directly addressing this vulnerability through upgrading the Drupal AI module to version 1.0.5 or later.
SI-9 restricts the types and characteristics of inputs to block command injection payloads from low-privileged users.
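To make the SI-10 control concrete, the following is an added, generic illustration of the CWE-78 hardening it describes; it is not code from the Drupal AI module and makes no claim about how that module invokes OS commands. The command (`echo`), the "model name" field and its allow-list pattern are assumptions chosen for the demonstration. It places the injectable pattern (untrusted text spliced into a shell command line) beside the hardened one (allow-list validation plus an argument vector executed without a shell), and includes a small detection-side check a defender can use to log inputs that carry shell metacharacters where none should appear.

```python
"""Illustration of CWE-78 mitigation in the NIST SI-10 sense (added example,
not the Drupal AI module's code). Command, field name and allow-list are
assumptions made for the demo."""
import re
import subprocess

# Assumed allow-list: the only shape a user-supplied "model name" may take.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Shell metacharacters whose presence in a field that should never contain
# them is worth logging as a possible injection attempt (detection hint).
_SHELL_META = re.compile(r"[;&|`$<>()\\\n]")


def looks_like_injection(value: str) -> bool:
    """Detection-side check: flag input carrying shell metacharacters."""
    return _SHELL_META.search(value) is not None


def validate_name(value: str) -> str:
    """Input validation in the SI-10 sense: accept only the allow-listed shape
    and refuse everything else, rather than trying to strip bad characters."""
    if not _SAFE_NAME.fullmatch(value):
        raise ValueError(f"rejected model name: {value!r}")
    return value


def unsafe_command(user_value: str) -> str:
    """The injectable pattern: untrusted text spliced into a shell command line."""
    return f"echo model={user_value}"


def run_unsafe(user_value: str) -> str:
    """Runs the spliced string through a shell, so any metacharacters are honoured."""
    return subprocess.run(
        unsafe_command(user_value), shell=True, capture_output=True, text=True
    ).stdout


def safe_argv(user_value: str) -> list[str]:
    """Hardened pattern: validated value as its own argv element, no shell involved."""
    return ["echo", f"model={validate_name(user_value)}"]


def run_safe(user_value: str) -> str:
    """Executes the argv list directly; the value can only ever be an argument."""
    return subprocess.run(
        safe_argv(user_value), capture_output=True, text=True, check=True
    ).stdout


if __name__ == "__main__":
    benign = "gpt-4o-mini"
    # Constructed hostile-looking input: a second command appended after ';'.
    hostile = "x; echo INJECTED"
    print(run_unsafe(benign).strip())      # model=gpt-4o-mini
    print(run_unsafe(hostile).strip())     # model=x then INJECTED: two commands ran
    print(run_safe(benign).strip())        # model=gpt-4o-mini
    print(looks_like_injection(hostile))   # True
    try:
        run_safe(hostile)
    except ValueError as err:
        print("blocked:", err)             # the allow-list rejects the input
```

The design choice worth noting is that the hardened path relies on two independent layers: the allow-list rejects anything outside the expected shape, and the argv form means that even a value which slipped past validation would reach the program as a single argument rather than being parsed by a shell. The `looks_like_injection` helper is deliberately not used to sanitise input; it exists only to give monitoring a signal to record.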
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The OS Command Injection vulnerability in the Drupal AI module enables exploitation of a public-facing web application (T1190) and arbitrary OS command execution via command and scripting interpreters (T1059).
NVD Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Deeper analysis
CVE-2025-31692 is an OS Command Injection vulnerability (CWE-78) in the Drupal AI (Artificial Intelligence) module, stemming from improper neutralization of special elements used in OS commands. This flaw affects all versions of the module from 0.0.0 up to but not including 1.0.5. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact despite elevated attack complexity.
A low-privileged user (PR:L) can exploit this over the network (AV:N) without user interaction (UI:N), though it requires high attack complexity (AC:H) and does not change scope (S:U). Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), enabling arbitrary OS command execution on the hosting server.
The Drupal security advisory at https://www.drupal.org/sa-contrib-2025-021 details the issue and mitigation, recommending an upgrade to Drupal AI version 1.0.5 or later to address the vulnerability.
This vulnerability is notable for affecting a Drupal module specifically designed for artificial intelligence functionalities, highlighting potential risks in AI-integrated web applications. No public information on real-world exploitation is available as of the CVE publication on 2025-03-31.
Details
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
- Affected Products: Drupal AI (Artificial Intelligence) module, versions from 0.0.0 before 1.0.5
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: The vulnerability affects 'Drupal AI (Artificial Intelligence)', a module for the Drupal CMS platform that integrates AI capabilities, fitting under 'Other Platforms' as it is a web/content management platform extension for AI rather than a core DL/ML framework or specific AI subdomain.