CVE-2025-31693

CVE-2025-31693: AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022

Vendor Drupal

Product AI (Artificial Intelligence)

Weakness CWE-78

Published March 31, 2025

Last update April 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

Key dates

02Disclosure timeline

March 31, 2025 CVE published

April 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31693

Related vulnerabilities

04Related CVE

CVE-2025-8748 OS command injection in MiR robots and MiR fleet via crafted HTTP requests CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint CVE-2026-6114 Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection CVE-2025-7723 Authenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2