Cyber Resilience

CVE-2025-31692

High · RCE

Published: 31 March 2025
Modified: 01 May 2025
KEV Added: not listed
Patch: AI (Artificial Intelligence) 1.0.5 (see the Drupal advisory below)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0059 (69.5th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-31692 is a high-severity OS Command Injection (CWE-78) vulnerability in the Drupal AI (Artificial Intelligence) contributed module. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). Its EPSS score of 0.0059 places it in the 69.5th percentile, i.e. the top 30.5% of CVEs by estimated exploit likelihood, but it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related (category: Enterprise AI Assistants; risk domain: Other ATLAS/OWASP Terms). Note that the classification rests on keyword matching against the product name: the weakness itself is a conventional command-injection flaw in server-side PHP, and no OWASP Top 10 for LLMs 2025 entry is mapped to it.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation); in practice, SI-2 means upgrading the module to 1.0.5 or later.

Deeper analysis

CVE-2025-31692 is an OS Command Injection vulnerability (CWE-78) in the Drupal AI (Artificial Intelligence) contributed module, stemming from improper neutralization of special elements used in OS commands. It affects all versions of the module from 0.0.0 up to but not including 1.0.5. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H): the impact metrics are maximal, and the score is held below the Critical band only by the high attack-complexity rating.

An attacker who already holds a low-privileged account on the site (PR:L) can exploit this over the network (AV:N) without any user interaction (UI:N); attack complexity is rated high (AC:H) and scope is unchanged (S:U), so the impact stays within the Drupal host itself. Successful exploitation yields high confidentiality, integrity and availability impact (C:H/I:H/A:H), that is, arbitrary OS command execution with the privileges of the PHP worker process on the hosting server.

The Drupal security advisory at https://www.drupal.org/sa-contrib-2025-021 details the issue and mitigation, recommending an upgrade to Drupal AI version 1.0.5 or later to address the vulnerability.

This vulnerability is notable for affecting a Drupal module built specifically to integrate AI functionality into a site, which illustrates that AI-integrated web applications inherit classic server-side weaknesses such as command injection alongside any model-specific risks. No public information on real-world exploitation was available as of the CVE publication on 2025-03-31.


Vulnerability details

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

CWE(s)

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, artificial intelligence

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The flaw sits in a module exposed through the Drupal web front end, so an attacker reaches it by exploiting the public-facing application (T1190), and a successful injection hands them command execution through the system shell or another interpreter on the host (T1059).

CVEs Like This One

CVE-2026-9082 (same product class: CMS core)
CVE-2025-31674 (same product class: CMS core)
CVE-2024-11816 (same product class: CMS core)
CVE-2025-1971 (same product class: CMS core)
CVE-2024-11635 (same product class: CMS core)
CVE-2025-60962 (shared CWE-78)
CVE-2026-6942 (shared CWE-78)
CVE-2025-23316 (shared CWE-78)
CVE-2026-30880 (shared CWE-78)
CVE-2025-64124 (shared CWE-78)

Affected Assets

drupal
artificial intelligence
< 1.0.5 (from 0.0.0 before 1.0.5; fixed in 1.0.5)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

SI-10 Information Input Validation (prevent)

SI-10 directly prevents OS command injection by requiring that user-controlled input is validated against an explicit allowlist, and that special elements are neutralized (or, better, that no shell is involved at all) before any OS command is executed with that input.

SI-2 Flaw Remediation (prevent)

SI-2 mandates timely flaw remediation, which for this issue means upgrading the Drupal AI module to version 1.0.5 or later across every site where it is installed.

SI-9 Information Input Restrictions (prevent)

SI-9 restricts who may supply inputs to the affected code paths and what those inputs may contain, so that low-privileged users cannot deliver command-injection payloads. Note that SI-9 is marked withdrawn in NIST SP 800-53 r5 and its intent is carried by AC-2, AC-3, AC-5 and AC-6; in Drupal terms, keep the permissions that expose the module's functionality to trusted roles only.
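The following PHP is an added illustration of the CWE-78 pattern described in the deeper analysis above and of what the SI-10 control asks for. It is not the Drupal AI module's code: the function names, the "name" parameter and the use of /bin/echo as a stand-in for a real helper binary are assumptions made for the example. It places the vulnerable shell-string pattern beside a hardened form that validates against an allowlist and then executes without a shell.

```php
<?php
declare(strict_types=1);

// Illustration of CWE-78 in a PHP (Drupal-style) code path. This is not the Drupal AI
// module's code: the function names, the "name" parameter and /bin/echo standing in
// for a real helper binary are assumptions constructed for this example.

const HELPER = '/bin/echo';

// Vulnerable pattern: untrusted input is interpolated into a shell command string.
// An input such as "hello; id" makes /bin/sh run a second command after the helper.
function runVulnerable(string $name): string
{
    return (string) shell_exec(HELPER . ' ' . $name);
}

// Layer 1 (SI-10): positive validation against a strict allowlist. Anything that is
// not a short identifier is rejected before it gets anywhere near a process.
function validateName(string $name): string
{
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException("rejected input: {$name}");
    }
    return $name;
}

// Layer 2: execute without a shell. proc_open() accepts an argv array (PHP 7.4+),
// so no shell ever parses the input; it reaches the helper as one literal argument.
function execNoShell(array $argv): string
{
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('failed to start ' . $argv[0]);
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return (string) $out;
}

// Hardened pattern: both layers together.
function runHardened(string $name): string
{
    return execNoShell([HELPER, validateName($name)]);
}

// Constructed inputs: one benign, one carrying a shell metacharacter.
foreach (['hello', 'hello; id'] as $input) {
    echo "vulnerable : ", runVulnerable($input);          // second input also runs `id`
    echo "no-shell   : ", execNoShell([HELPER, $input]);  // prints the literal string
    try {
        echo "hardened   : ", runHardened($input);
    } catch (InvalidArgumentException $e) {
        echo "hardened   : ", $e->getMessage(), "\n";
    }
}
```

Run with `php cwe78.php`: the vulnerable path echoes "hello" and then the output of `id` for the second input, the no-shell path prints the literal text `hello; id`, and the hardened path refuses the payload outright. In a Drupal module the same no-shell execution is available through the Symfony Process component that Drupal core already ships, provided the process is constructed from an argv array rather than a command string; allowlist validation of the input is still worth keeping in front of it.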

References