Vulnerability Description
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/terminals/shell_tool.py. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inclusionai | Aworld | <= 2025-04-24 |
Related Weaknesses (CWE)
References
- https://github.com/inclusionAI/AWorld/issues/38ExploitIssue Tracking
- https://github.com/inclusionAI/AWorld/issues/38#issue-2996574433ExploitIssue Tracking
- https://github.com/inclusionAI/AWorld/issues/38#issuecomment-2806190923ExploitIssue Tracking
- https://vuldb.com/?ctiid.306395Permissions RequiredVDB Entry
- https://vuldb.com/?id.306395Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.559222Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-4032?
CVE-2025-4032 is a vulnerability with a CVSS score of 5.0 (MEDIUM). A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the fi...
How severe is CVE-2025-4032?
CVE-2025-4032 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4032?
Check the references section above for vendor advisories and patch information. Affected products include: Inclusionai Aworld.