CNNVD-202507-2904 Information
CNNVD ID
CNNVD-202507-2904
Related CVE
-
CNNVD Published: 2025-07-22
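Description (translated from Chinese)
Letta-ai letta is an open-source stateful agent framework from Letta-ai with memory, reasoning and context management. Letta-ai letta version 0.7.12 contains a security vulnerability that stems from the /v1/tools/run endpoint allowing execution of arbitrary Python code and system commands, bypassing sandbox restrictions.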
Description (English)
Letta-ai letta is a stateful agent framework, open-sourced by Letta-ai, that provides memory, reasoning and context management. Version 0.7.12 of Letta-ai letta has a security vulnerability: the /v1/tools/run endpoint allows arbitrary Python code and system commands to be executed, bypassing the sandbox restrictions.
Hazard Level
Medium
Vulnerability Type
Code Injection
Affected Vendor
Letta-ai
Published
2025-07-22
Last Modified
2026-02-24
References
https://github.com/letta-ai/letta/pull/2630
https://www.gecko.security/blog/cve-2025-51482
https://access.redhat.com/security/cve/cve-2025-51482
https://nvd.nist.gov/vuln/detail/CVE-2025-51482
Patch
https://github.com/letta-ai/letta/releases