Cyber Posture

CVE-2025-46067

High

Published: 12 January 2026
Modified: 21 January 2026
KEV Added: not listed
Patch: (not recorded)
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0006 (18.9th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-46067 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability in Automai Director. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 18.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly mitigates the vulnerability by requiring timely installation of patches or updates for Automai Director to remediate the privilege escalation flaw.

SI-10 Information Input Validation (prevent)

Enforces validation of inputs such as crafted JavaScript files to prevent remote exploitation leading to privilege escalation and sensitive information disclosure.

Access control enforcement (prevent)

Mandates enforcement of access control policies to block unauthorized privilege escalation even if a crafted JS file is processed.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Remote, unauthenticated network exploitation of a public-facing application maps directly to T1190; the resulting privilege escalation matches T1068. Delivery via a JavaScript file suggests possible use of a scripting interpreter, but the description is not explicit enough to include that technique.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file

Deeper analysis

CVE-2025-46067 is a vulnerability affecting Automai Director version 25.2.0, where an issue allows a remote attacker to escalate privileges and obtain sensitive information via a crafted JavaScript file. Published on 2026-01-12, it carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) and maps to CWE-259.

The vulnerability can be exploited by a remote attacker requiring no privileges, user interaction, or special access, over the network with low attack complexity. Successful exploitation results in privilege escalation and access to sensitive information, yielding high confidentiality impact and low integrity impact, with no availability impact.

Mitigation details are available in advisories at https://gist.github.com/ZeroBreach-GmbH/98204cff0065e611cf9e9acc3be59e03 and vendor resources at https://www.automai.com/.

Details

CWE(s)

CWE-259 Use of Hard-coded Password

Affected Products

Vendor: automai
Product: director
Version: 25.2.0

CVEs Like This One

CVE-2025-46066: same product (Automai Director)
CVE-2025-46068: same product (Automai Director)
CVE-2025-46070: same vendor (Automai)
CVE-2025-70041: shared CWE-259
CVE-2025-59388: shared CWE-259
CVE-2025-1100: shared CWE-259
CVE-2025-25428: shared CWE-259
CVE-2025-2402: shared CWE-259
CVE-2024-48831: shared CWE-259
CVE-2025-70802: shared CWE-259