{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2025-2733", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "deu", "value": "Es wurde eine Schwachstelle in mannaandpoem OpenManus bis 2025.3.13 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei app/tool/python_execute.py der Komponente Prompt Handler. Mit der Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OS Command Injection", "cweId": "CWE-78" } ] }, { "description": [ { "lang": "eng", "value": "Command Injection", "cweId": "CWE-77" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "mannaandpoem", "product": { "product_data": [ { "product_name": "OpenManus", "version": { "version_data": [ { "version_affected": "=", "version_value": "2025.3.0" }, { "version_affected": "=", "version_value": "2025.3.1" }, { "version_affected": "=", "version_value": "2025.3.2" }, { "version_affected": "=", "version_value": "2025.3.3" }, { "version_affected": "=", "version_value": "2025.3.4" }, { "version_affected": "=", "version_value": "2025.3.5" }, { "version_affected": "=", "version_value": "2025.3.6" }, { "version_affected": "=", "version_value": "2025.3.7" }, { "version_affected": "=", "version_value": "2025.3.8" }, { "version_affected": "=", "version_value": "2025.3.9" }, { "version_affected": "=", "version_value": "2025.3.10" }, { "version_affected": "=", "version_value": "2025.3.11" }, { "version_affected": "=", "version_value": "2025.3.12" }, { "version_affected": "=", "version_value": "2025.3.13" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://vuldb.com/?id.300753", "refsource": "MISC", "name": "https://vuldb.com/?id.300753" }, { "url": "https://vuldb.com/?ctiid.300753", "refsource": "MISC", "name": "https://vuldb.com/?ctiid.300753" }, { "url": "https://vuldb.com/?submit.520426", "refsource": "MISC", "name": "https://vuldb.com/?submit.520426" }, { "url": "https://magnificent-dill-351.notion.site/Command-Execution-in-Openmanus-2025-3-13-1b6c693918ed80b2826ef6bb385693fa", "refsource": "MISC", "name": "https://magnificent-dill-351.notion.site/Command-Execution-in-Openmanus-2025-3-13-1b6c693918ed80b2826ef6bb385693fa" } ] }, "credits": [ { "lang": "en", "value": "s0l42 (VulDB User)" } ], "impact": { "cvss": [ { "version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM" }, { "version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM" }, { "version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } }