CVE-2025-3579: In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute una
Summary
In Aidex versions before 1.7, a logged-in attacker could exploit an open registry to run unauthorized commands on the system through prompt injection attacks (tricking the AI by hiding malicious instructions in user input) via the chat message endpoint. This allowed them to execute operating system commands, access databases, and invoke framework functions.
Solution / Mitigation
Update to Aidex version 1.7 or later.
Vulnerability Details
EPSS: 0.7%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-3579
First tracked: February 15, 2026 at 08:52 PM