CVE-2025-4032
Published: 28 April 2025
Summary
CVE-2025-4032 is a low-severity Command Injection (CWE-77) vulnerability in inclusionAI AWorld. Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability rated critical exists in inclusionAI AWorld up to commit 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It resides in the subprocess.run and subprocess.Popen calls inside AWorld/aworld/virtual_environments/terminals/shell_tool.py and permits OS command injection, tracked under CWE-77 and CWE-78. The product does not use conventional versioning, so no affected or fixed release identifiers are available.
An authenticated remote attacker can trigger the flaw, though the attack requires high complexity and is considered difficult to exploit. Successful abuse yields limited impacts on local confidentiality, integrity, and availability without affecting other systems.
Public references consist of GitHub issue threads and VulDB entries that disclose the flaw and proof-of-concept details but contain no explicit patch or configuration guidance. The EPSS score rose from a baseline of 0.0178 to a peak of 0.0308, indicating measurable post-disclosure interest in exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14313
Vulnerability details
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/terminals/shell_tool.py. The manipulation leads to OS command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
- CWE(s): CWE-77 (Command Injection), CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection via subprocess with shell=True enables exploitation of public-facing application (T1190) for remote arbitrary Unix shell command execution (T1059.004) using indirect command execution (T1202).
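To make the mechanism behind T1059.004 concrete, the following is an added illustration, not AWorld's code and not taken from the references: a hypothetical shell-tool wrapper in the vulnerable shell=True form beside a hardened form that never invokes a shell and enforces an allow-list. The ALLOWED_COMMANDS set, the function names and the timeout value are assumptions.

```python
import shlex
import subprocess

# Hypothetical allow-list of commands the tool may run (assumption, not AWorld's list).
ALLOWED_COMMANDS = {"ls", "cat", "echo", "grep"}


def run_shell_unsafe(user_command: str) -> subprocess.CompletedProcess:
    """Vulnerable pattern (CWE-78): the caller-controlled string is handed to /bin/sh.
    Metacharacters such as ';', '&&', '|' or '$(...)' are interpreted by the shell,
    so untrusted text in user_command becomes arbitrary command execution."""
    return subprocess.run(user_command, shell=True, capture_output=True, text=True)


def build_argv(user_command: str) -> list:
    """Hardened step 1: tokenize with shlex (no shell involved), then enforce the
    allow-list on the program name. Shell operators are never recognised here;
    'echo hello; id' becomes ['echo', 'hello;', 'id'], a single echo invocation."""
    argv = shlex.split(user_command)
    if not argv:
        raise ValueError("empty command")
    if argv[0] not in ALLOWED_COMMANDS:
        raise ValueError(f"command not permitted: {argv[0]!r}")
    return argv


def run_command_safe(user_command: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Hardened step 2: execute without a shell. The argv list goes straight to
    execve, so '$(whoami)' or ';' arrive as literal argument bytes, not operators.
    The timeout bounds the availability impact of a runaway command."""
    argv = build_argv(user_command)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)
```

The contrast to look for in code review is the first positional argument: a string with shell=True is the CWE-78 pattern, a tokenised list with shell=False is not.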
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.