Home > Vulnerability Database > CVE-2025-51472

Mend.io Vulnerability Database

CVE-2025-51472

Good to know:

Date: July 21, 2025

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/TransformerOptimus/SuperAGI/pull/1461

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-51472

Url: https://github.com/TransformerOptimus/SuperAGI

Url: https://www.gecko.security/blog/cve-2025-51472

Url: https://www.mend.io/vulnerability-database/CVE-2025-51472

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version https://github.com/TransformerOptimus/SuperAGI.git - no_fix

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-51472

Good to know:

Date: July 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?