CNNVD-202508-611 Information
Aug 06, 2025
cve
CNNVD ID
CNNVD-202508-611
Related CVE
- CNNVD Published: 2025-08-06
Description (Chinese)
DeepResearchAgent是Skywork开源的一个应用程序。 DeepResearchAgent存在命令注入漏洞,该漏洞源于src/tools/tools.py文件中from_code/from_dict/from_mcp函数对参数的错误操作,可能导致os命令注入。
Description (English)
DeepResearchAgent is an application from Skywork. DeepResearchAgent has a command-injecting loophole, which stems from the error in the parameter of the from code/from dic/from mcp function in the src/tools/tools.py file, which may lead to an Os command injection.
Hazard Level
High
Vulnerability Type
命令注入
Affected Vendor
Skywork
Published
2025-08-06
Last Modified
2026-02-24
References
https://github.com/bayuncao-bit/vul-36 https://github.com/bayuncao-bit/vul-36#proof-of-concept https://vuldb.com/?ctiid.319026 https://vuldb.com/?id.319026 https://vuldb.com/?submit.621324
Share on: