Cyber Resilience

CVE-2025-68952

CriticalRCE

Published: 27 December 2025

Published
27 December 2025
Modified
19 February 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0049 38.2th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68952 is a critical-severity Code Injection (CWE-94) vulnerability in Eigent Eigent. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-68952 is a 1-click remote code execution (RCE) vulnerability in Eigent, a multi-agent Workforce software. The issue affects version 0.0.60 and is classified under CWE-94 (Code Injection). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its network-accessible nature, low attack complexity, and lack of required privileges or user interaction.

An unauthenticated remote attacker can exploit this vulnerability through a specific 1-click interaction to execute arbitrary code on the victim's machine or server. Successful exploitation grants high-impact access, potentially compromising confidentiality, integrity, and availability by allowing full control over the affected system.

The vulnerability has been patched in Eigent version 0.0.61. Additional details on the issue and mitigation are available in the GitHub security advisory at https://github.com/eigent-ai/eigent/security/advisories/GHSA-pwcx-28p4-rmq4.

EU & UK References

Vulnerability details

Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction (1-click).…

more

This issue has been patched in version 0.0.61.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote code execution vulnerability in public-facing workforce software directly enables exploitation of public-facing applications (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22869Same product: Eigent Eigent
CVE-2025-61196Shared CWE-94
CVE-2026-35194Shared CWE-94
CVE-2025-62521Shared CWE-94
CVE-2025-59954Shared CWE-94
CVE-2025-57141Shared CWE-94
CVE-2025-33042Shared CWE-94
CVE-2024-1490Shared CWE-94
CVE-2024-50704Shared CWE-94
CVE-2025-37164Shared CWE-94

Affected Assets

eigent
eigent
0.0.60

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through applying the patch in Eigent version 0.0.61 directly eliminates the specific RCE vulnerability.

prevent

Information input validation prevents code injection (CWE-94) by sanitizing untrusted inputs in the vulnerable 1-click interaction.

prevent

Memory protection mechanisms like ASLR and DEP mitigate arbitrary code execution resulting from successful injection exploits.

References