CVE-2025-31693
MEDIUM6.6EPSS 0.34%Drupal AI Vulnerable to OS Command Injection
Published: 3/5/2025Modified: 12/10/2025
Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Affected packages (2)
- Packagist/drupal/aifrom 0, < 1.0.5
- Packagist/drupal/aifrom 0, < 1.0.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |
| osv | CVSS 3.1 | MEDIUM6.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |