CVE-2025-31693

{"id": "CVE-2025-31693", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2025-03-31T22:15:21.983", "references": [{"url": "https://www.drupal.org/sa-contrib-2025-022", "tags": ["Vendor Advisory"], "source": "mlhess@drupal.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "mlhess@drupal.org", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') en Drupal AI (Artificial Intelligence) permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a AI (Inteligencia Artificial): desde 0.0.0 antes de 1.0.5."}], "lastModified": "2025-04-15T14:58:25.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:artificial_intelligence:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "302F693F-2E72-44ED-AC23-F7A8A7CAA82D", "versionEndExcluding": "1.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}