Cyber Resilience

CVE-2025-51472

MediumPublic PoC

Published: 22 July 2025

Published
22 July 2025
Modified
09 October 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score 0.0018 40.0th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-51472 is a medium-severity Command Injection (CWE-77) vulnerability in Superagi Superagi. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template…

more

loading or updates.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1221 Template Injection Stealth
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

The vulnerability is a code injection in SuperAGI agent templates via unsafe Python eval() on user-controlled inputs from API updates or marketplace, enabling exploitation of a public-facing application (T1190), template injection (T1221), and arbitrary Python code execution (T1059.006).

Affected Assets

superagi
superagi
0.0.14

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References