EUVD-2025-7402

ID: EUVD-2025-7402

Severity: critical

CVSS v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.

Timestamps

Normalized: 2025-12-31T11:32:25Z UTC
Last updated: 2025-12-31T11:30:36Z UTC

References

No references provided.

VulnAI

EUVD-2025-7402

Description

Timestamps

References