CVE-2025-3579

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api/<string-chat>/message endpoint, manipulating the content of the ‘content’ parameter.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-aidex

Configurations

No configuration.

History

15 Apr 2025, 18:39

Type	Values Removed	Values Added
Summary		(es) En versiones anteriores a Aidex 1.7, un usuario malicioso autenticado, aprovechando un registro abierto, podía ejecutar comandos no autorizados dentro del sistema. Esto incluía ejecutar comandos del sistema operativo (Unix), interactuar con servicios internos como PHP o MySQL, e incluso invocar funciones nativas del framework utilizado, como Laravel o Symfony. Esta ejecución se logra mediante ataques de inyección de mensajes a través del endpoint /api//message, manipulando el contenido del parámetro 'content'.

15 Apr 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-15 09:15

Updated : 2025-04-15 18:39

NVD link : CVE-2025-3579

Mitre link : CVE-2025-3579

CVE.ORG link : CVE-2025-3579

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-3579", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-15T09:15:13.950", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-aidex", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api/<string-chat>/message endpoint, manipulating the content of the \u2018content\u2019 parameter."}, {"lang": "es", "value": "En versiones anteriores a Aidex 1.7, un usuario malicioso autenticado, aprovechando un registro abierto, pod\u00eda ejecutar comandos no autorizados dentro del sistema. Esto inclu\u00eda ejecutar comandos del sistema operativo (Unix), interactuar con servicios internos como PHP o MySQL, e incluso invocar funciones nativas del framework utilizado, como Laravel o Symfony. Esta ejecuci\u00f3n se logra mediante ataques de inyecci\u00f3n de mensajes a trav\u00e9s del endpoint /api//message, manipulando el contenido del par\u00e1metro 'content'."}], "lastModified": "2025-04-15T18:39:27.967", "sourceIdentifier": "cve-coordination@incibe.es"}