CVE-2025-31692

EPSS 0.58%

Drupal AI Vulnerable to OS Command Injection via Optional Automator Types

Published: 3/5/2025Modified: 12/10/2025

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

Affected packages (2)

Packagist/drupal/aifrom 0, < 1.0.5
Packagist/drupal/aifrom 0, < 1.0.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-31692
PATCHhttps://git.drupalcode.org/project/ai
WEBhttps://www.drupal.org/sa-contrib-2025-021