Search criteria
6 vulnerabilities found for artificial_intelligence by drupal
FKIE_CVE-2025-31692
Vulnerability from fkie_nvd - Published: 2025-03-31 22:15 - Updated: 2025-05-01 14:36
Severity ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
References
| URL | Tags | ||
|---|---|---|---|
| mlhess@drupal.org | https://www.drupal.org/sa-contrib-2025-021 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | artificial_intelligence | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:artificial_intelligence:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "302F693F-2E72-44ED-AC23-F7A8A7CAA82D",
"versionEndExcluding": "1.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (\u0027Inyecci\u00f3n de comando del sistema operativo\u0027) en Drupal AI (Artificial Intelligence) permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a AI (Inteligencia Artificial): desde 0.0.0 antes de 1.0.5."
}
],
"id": "CVE-2025-31692",
"lastModified": "2025-05-01T14:36:25.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-31T22:15:21.873",
"references": [
{
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2025-021"
}
],
"sourceIdentifier": "mlhess@drupal.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "mlhess@drupal.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-31693
Vulnerability from fkie_nvd - Published: 2025-03-31 22:15 - Updated: 2025-04-15 14:58
Severity ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
References
| URL | Tags | ||
|---|---|---|---|
| mlhess@drupal.org | https://www.drupal.org/sa-contrib-2025-022 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | artificial_intelligence | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:artificial_intelligence:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "302F693F-2E72-44ED-AC23-F7A8A7CAA82D",
"versionEndExcluding": "1.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (\u0027Inyecci\u00f3n de comando del sistema operativo\u0027) en Drupal AI (Artificial Intelligence) permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a AI (Inteligencia Artificial): desde 0.0.0 antes de 1.0.5."
}
],
"id": "CVE-2025-31693",
"lastModified": "2025-04-15T14:58:25.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-31T22:15:21.983",
"references": [
{
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2025-022"
}
],
"sourceIdentifier": "mlhess@drupal.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "mlhess@drupal.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-31693 (GCVE-0-2025-31693)
Vulnerability from cvelistv5 – Published: 2025-03-31 21:51 – Updated: 2025-04-03 17:24
VLAI?
Title
AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Severity ?
6.6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | AI (Artificial Intelligence) |
Affected:
0.0.0 , < 1.0.5
(semver)
|
Credits
Drew Webber (mcdruid)
Marcus Johansson (marcus_johansson)
Drew Webber (mcdruid)
Drew Webber (mcdruid)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T17:23:57.837085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:24:33.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/ai",
"defaultStatus": "unaffected",
"product": "AI (Artificial Intelligence)",
"repo": "https://git.drupalcode.org/project/ai",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marcus Johansson (marcus_johansson)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
}
],
"datePublic": "2025-03-05T17:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T21:51:17.459Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-31693",
"datePublished": "2025-03-31T21:51:17.459Z",
"dateReserved": "2025-03-31T21:30:25.064Z",
"dateUpdated": "2025-04-03T17:24:33.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31692 (GCVE-0-2025-31692)
Vulnerability from cvelistv5 – Published: 2025-03-31 21:50 – Updated: 2025-04-03 17:23
VLAI?
Title
AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Severity ?
7.5 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | AI (Artificial Intelligence) |
Affected:
0.0.0 , < 1.0.5
(semver)
|
Credits
Drew Webber (mcdruid)
Marcus Johansson (marcus_johansson)
Drew Webber (mcdruid)
Michal Gow (seogow)
Drew Webber (mcdruid)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T17:21:48.256020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:23:24.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/ai",
"defaultStatus": "unaffected",
"product": "AI (Artificial Intelligence)",
"repo": "https://git.drupalcode.org/project/ai",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marcus Johansson (marcus_johansson)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Michal Gow (seogow)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
}
],
"datePublic": "2025-03-05T17:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T21:50:34.673Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-31692",
"datePublished": "2025-03-31T21:50:34.673Z",
"dateReserved": "2025-03-31T21:30:15.360Z",
"dateUpdated": "2025-04-03T17:23:24.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31693 (GCVE-0-2025-31693)
Vulnerability from nvd – Published: 2025-03-31 21:51 – Updated: 2025-04-03 17:24
VLAI?
Title
AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Severity ?
6.6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | AI (Artificial Intelligence) |
Affected:
0.0.0 , < 1.0.5
(semver)
|
Credits
Drew Webber (mcdruid)
Marcus Johansson (marcus_johansson)
Drew Webber (mcdruid)
Drew Webber (mcdruid)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T17:23:57.837085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:24:33.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/ai",
"defaultStatus": "unaffected",
"product": "AI (Artificial Intelligence)",
"repo": "https://git.drupalcode.org/project/ai",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marcus Johansson (marcus_johansson)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
}
],
"datePublic": "2025-03-05T17:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T21:51:17.459Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-31693",
"datePublished": "2025-03-31T21:51:17.459Z",
"dateReserved": "2025-03-31T21:30:25.064Z",
"dateUpdated": "2025-04-03T17:24:33.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31692 (GCVE-0-2025-31692)
Vulnerability from nvd – Published: 2025-03-31 21:50 – Updated: 2025-04-03 17:23
VLAI?
Title
AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Severity ?
7.5 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | AI (Artificial Intelligence) |
Affected:
0.0.0 , < 1.0.5
(semver)
|
Credits
Drew Webber (mcdruid)
Marcus Johansson (marcus_johansson)
Drew Webber (mcdruid)
Michal Gow (seogow)
Drew Webber (mcdruid)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T17:21:48.256020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:23:24.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/ai",
"defaultStatus": "unaffected",
"product": "AI (Artificial Intelligence)",
"repo": "https://git.drupalcode.org/project/ai",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marcus Johansson (marcus_johansson)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Michal Gow (seogow)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
}
],
"datePublic": "2025-03-05T17:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T21:50:34.673Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-31692",
"datePublished": "2025-03-31T21:50:34.673Z",
"dateReserved": "2025-03-31T21:30:15.360Z",
"dateUpdated": "2025-04-03T17:23:24.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}