CVE-2025-67511: Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automat
Summary
CVE-2025-67511 is a command injection vulnerability (a flaw where attackers can insert malicious commands into input) in Cybersecurity AI (CAI), an open-source framework for building AI agents that handle security tasks. Versions 0.5.9 and earlier are vulnerable because the run_ssh_command_with_credentials() function only escapes (protects) the password and command inputs, leaving the username, host, and port values open to attack.
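The gap described above (connection fields reaching a shell without escaping) can be closed by validating the username, host and port and passing them as an argument list. This is an added illustration, not CAI's code or its patch; the function name build_ssh_argv and the allow-list patterns are assumptions.

```python
import ipaddress
import re

# Assumed allow-list patterns (not from CAI); tighten them for your environment.
_USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]{0,31}")
_HOST_LABEL_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def _valid_host(host: str) -> bool:
    """Accept an IP literal or a dotted hostname made of plain DNS labels."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    if not host or len(host) > 253:
        return False
    return all(_HOST_LABEL_RE.fullmatch(label) for label in host.split("."))


def build_ssh_argv(username, host, port, command):
    """Return an argv list for ssh, rejecting unsafe connection fields."""
    if not isinstance(username, str) or not _USER_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not isinstance(host, str) or not _valid_host(host):
        raise ValueError("invalid host")
    try:
        port_num = int(str(port), 10)
    except ValueError:
        raise ValueError("invalid port") from None
    if not 1 <= port_num <= 65535:
        raise ValueError("invalid port")
    # A list is handed to subprocess.run() without shell=True, so no local
    # shell parses these values. The patterns also reject a leading "-",
    # so neither field can be read by ssh as an option.
    # The command stays a single argument; the remote shell interprets it.
    return ["ssh", "-p", str(port_num), f"{username}@{host}", command]
```

The returned list is meant for subprocess.run(argv) with the default shell=False.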
Vulnerability Details
9.6 (critical)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-67511
First tracked: February 15, 2026 at 08:53 PM