CVE-2025-51472

Published: Jul 22, 2025

Modified: Jul 22, 2025

PUBLISHED

Description

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/TransformerOptimus/SuperAGI

https://github.com/TransformerOptimus/SuperAGI/pull/1461

https://www.gecko.security/blog/cve-2025-51472

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-51472

Description

Affected Products

References