CVE-2025-68952

CriticalRCE

Published: 27 December 2025

Published

27 December 2025

Modified

19 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0049 65.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68952 is a critical-severity Code Injection (CWE-94) vulnerability in Eigent Eigent. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely flaw remediation through applying the patch in Eigent version 0.0.61 directly eliminates the specific RCE vulnerability.

SI-10 Information Input Validation good match

prevent

Information input validation prevents code injection (CWE-94) by sanitizing untrusted inputs in the vulnerable 1-click interaction.

SI-16 Memory Protection partial match

prevent

Memory protection mechanisms like ASLR and DEP mitigate arbitrary code execution resulting from successful injection exploits.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote code execution vulnerability in public-facing workforce software directly enables exploitation of public-facing applications (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction (1-click).…

This issue has been patched in version 0.0.61.

Deeper analysisAI

CVE-2025-68952 is a 1-click remote code execution (RCE) vulnerability in Eigent, a multi-agent Workforce software. The issue affects version 0.0.60 and is classified under CWE-94 (Code Injection). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its network-accessible nature, low attack complexity, and lack of required privileges or user interaction.

An unauthenticated remote attacker can exploit this vulnerability through a specific 1-click interaction to execute arbitrary code on the victim's machine or server. Successful exploitation grants high-impact access, potentially compromising confidentiality, integrity, and availability by allowing full control over the affected system.

The vulnerability has been patched in Eigent version 0.0.61. Additional details on the issue and mitigation are available in the GitHub security advisory at https://github.com/eigent-ai/eigent/security/advisories/GHSA-pwcx-28p4-rmq4.