- Description
- In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api/<string-chat>/message endpoint, manipulating the content of the ‘content’ parameter.
- Source
- cve-coordination@incibe.es
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cve-coordination@incibe.es
- CWE-94
- Hype score
- Not currently trending
🚨 CVE-2025-3579 ⚠️🔴 CRITICAL (9.3) 🏢 AiDex - AiDex 🏗️ 0 🔗 https://t.co/TMq22dY2ZS #CyberCron #VulnAlert #InfoSec https://t.co/hwSEdErk50
@cybercronai
15 Apr 2025
[CVE-2025-3579: CRITICAL] Beware of Prompt Injection attacks in Aidex 1.7! An authenticated malicious user can execute unauthorized commands through the /api/<string-chat>/message endpoint, exploiting an open regi...#cybersecurity,#vulnerability https://t.co/fCG14GMYlS http
@CveFindCom
15 Apr 2025