Cyber Posture

CVE-2025-46066

Critical

Published: 12 January 2026

Modified: 21 January 2026
KEV Added
Patch
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0020 (41.8th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-46066 is a critical-severity Improper Handling of Insufficient Permissions or Privileges (CWE-280) vulnerability in Automai Director. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 41.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

SI-2 requires timely flaw remediation, directly addressing CVE-2025-46066 by applying vendor patches to fix the privilege escalation vulnerability in Automai Director v25.2.0.

prevent

AC-6 enforces the principle of least privilege, preventing low-privileged remote attackers from escalating privileges due to improper handling of insufficient permissions or privileges as in this CVE.

prevent

AC-3 mandates enforcement of approved access authorizations, countering the improper privilege handling that enables remote escalation in CVE-2025-46066.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CVE is explicitly a privilege escalation vulnerability (CWE-280) exploitable remotely with low privileges (PR:L), directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges

Deeper analysis [AI]

CVE-2025-46066 is a privilege escalation vulnerability affecting Automai Director version 25.2.0. The issue, classified under CWE-280 (Improper Handling of Insufficient Permissions or Privileges), enables a remote attacker to escalate privileges. It has a CVSS v3.1 base score of 9.9 (Critical), with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, low privileges required, no user interaction needed, a change in scope, and high impact on confidentiality, integrity, and availability.

A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network without user interaction. Successful exploitation allows privilege escalation, potentially leading to full system compromise given the high impact ratings and scope change (S:C), enabling unauthorized high-level access, data exfiltration, modification, or disruption.

Mitigation details are available in advisories from ZeroBreach-GmbH at https://gist.github.com/ZeroBreach-GmbH/4e325d09d08e16efb506076da2184f42 and on the vendor site at https://www.automai.com/. The vulnerability was published on 2026-01-12T17:15:50.700.

Details

CWE(s)

CWE-280 (Improper Handling of Insufficient Permissions or Privileges)

Affected Products

Vendor: automai
Product: director
Version: 25.2.0

CVEs Like This One

CVE-2025-46067: Same product: Automai Director
CVE-2025-46068: Same product: Automai Director
CVE-2026-27910: Shared CWE-280
CVE-2026-0047: Shared CWE-280
CVE-2026-23857: Shared CWE-280
CVE-2026-2123: Shared CWE-280
CVE-2024-51459: Shared CWE-280
CVE-2025-22395: Shared CWE-280
CVE-2026-20817: Shared CWE-280
CVE-2025-46070: Same vendor: Automai
