OS Command Injection Vulnerability in Drupal AI Software
CVE-2025-31692
7.5 HIGH
Summary
An OS command injection vulnerability has been identified in Drupal AI (Artificial Intelligence), potentially allowing attackers to execute arbitrary commands on the host operating system. The flaw affects versions from 0.0.0 up to 1.0.4 and is exploitable when the software improperly neutralizes special elements in user-supplied data. Developers and administrators are urged to update promptly to version 1.0.5 or later to mitigate this risk.
Affected Version(s)
AI (Artificial Intelligence) 0.0.0 < 1.0.5
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Drew Webber (mcdruid)
Marcus Johansson (marcus_johansson)
Drew Webber (mcdruid)
Michal Gow (seogow)
Drew Webber (mcdruid)