CVE-2025-4032 | inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e shell_tool.py subprocess.run/subprocess.Popen os command injection (Issue 38)

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/terminals/shell_tool.py. The manipulation leads to os command injection.

The identification of this vulnerability is CVE-2025-4032. The attack may be initiated remotely. Furthermore, there is an exploit available.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

CVE-2025-4032 | inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e shell_tool.py subprocess.run/subprocess.Popen os command injection (Issue 38)

Post correlati

CVE-2024-33601 | GNU C Library Netgroup Cache allocation of resources

CVE-2024-38267 | Zyxel VMG8825-T50K up to 5.50(ABOM.8)C0 IPv6 Address Parser memory corruption

CVE-2024-8915 | Category Icon Plugin up to 1.0.0 on WordPress SVG File Upload cross site scripting

CVE-2024-7605 | HelloAsso Plugin up to 1.1.10 on WordPress Options Update authorization