CVE-2025-51482

Published: Jul 22, 2025

Modified: Jul 22, 2025

PUBLISHED

Description

Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/letta-ai/letta

https://github.com/letta-ai/letta/pull/2630

https://www.gecko.security/blog/cve-2025-51482

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-51482

Description

Affected Products

References