CVE-2025-5151 | defog-ai introspect up to 0.1.4 analysis_tools.py execute_analysis_code_safely code code injection (Issue 495 / ID 502)

A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection.

This vulnerability is uniquely identified as CVE-2025-5151. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

The code maintainer explains, that “[they] have added some workarounds to address this in #502, but will not be implementing a full fix. This is because this repo is meant to be run in a docker environment, which will significantly mitigate potential security risks. Having said that, we have added a SECURITY section in our README to make this clearer to users.”

CVE-2025-5151 | defog-ai introspect up to 0.1.4 analysis_tools.py execute_analysis_code_safely code code injection (Issue 495 / ID 502)

Post correlati

CVE-2024-57778 | Orbe ONetView Roeador Onet-1200 Orbe 1680210096 Status Code Privilege Escalation

CVE-2024-0169 | Dell Unity up to 5.3 cross site scripting (dsa-2024-042)

CVE-2021-46899 | SyncTrayzor 1.1.29 CEF Remote Debug Local Privilege Escalation (Issue 666)

CVE-2024-11220 | Open Automation Software prior 20.00.0076 incorrect execution-assigned permissions (icsa-24-338-03)