Cyber Posture

CVE-2025-46068

High

Published: 12 January 2026

Modified: 21 January 2026
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-46068 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Automai Director. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 35.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the arbitrary code execution vulnerability by requiring timely identification, reporting, and remediation through patching the flawed update mechanism.

prevent

Validates inputs to the update mechanism to prevent the unrestricted upload of arbitrary executable code (CWE-434).

prevent · detect

Verifies the integrity of software updates to prevent and detect unauthorized modifications that could enable remote arbitrary code execution.

MITRE ATT&CK Enterprise Techniques [AI]

T1210 · Exploitation of Remote Services · Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

Arbitrary code execution vulnerability in remote update mechanism enables exploitation of remote services for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism

Deeper analysis [AI]

CVE-2025-46068 is an arbitrary code execution vulnerability affecting Automai Director version 25.2.0. The flaw resides in the update mechanism, enabling a remote attacker to execute arbitrary code. It is associated with CWE-434 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-01-12.

A remote attacker with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, and can result in full compromise of the affected system.

Mitigation details are available in related advisories, including the report at https://gist.github.com/ZeroBreach-GmbH/00ea6cce1299e1d999b5d1faac4248f1 and the vendor's site at https://www.automai.com/.

Details

CWE(s)

Affected Products

Vendor: automai · Product: director · Version: 25.2.0

CVEs Like This One

CVE-2025-46066 · Same product: Automai Director
CVE-2025-46067 · Same product: Automai Director
CVE-2025-46070 · Same vendor: Automai
CVE-2024-44598 · Shared CWE-434
CVE-2025-10907 · Shared CWE-434
CVE-2025-13590 · Shared CWE-434
CVE-2025-23213 · Shared CWE-434
CVE-2025-54440 · Shared CWE-434
CVE-2025-8323 · Shared CWE-434
CVE-2025-7063 · Shared CWE-434
