CNNVD-202508-707 Information

CNNVD ID

CNNVD-202508-707

Related CVE

CVE-2025-8697

• CNNVD Published: 2025-08-07

Description (Chinese)

agentUniverse是agentuniverse-ai开源的一个LLM多代理框架，允许开发人员轻松构建多代理应用程序。 agentUniverse 0.0.18及之前版本存在命令注入漏洞，该漏洞源于组件MCPSessionManager/MCPTool/MCPToolkit中函数StdioServerParameters的错误操作，导致os命令注入。

Description (English)

AngentUniverse is a LLM multi-agent framework that allows developers to easily construct multi-agent applications. AngentUniverse 0.0.18 and previous versions contain a command-injecting loophole, which stems from the error of the StdioServerParameters in the MCPSsessionManager/MCPTool/MCPToolkit function, which led to the infusion of the Os command.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

agentuniverse-ai

Published

2025-08-07

Last Modified

2026-02-24

References

https://github.com/bayuncao-bit/vul-37 https://vuldb.com/?ctiid.319127 https://github.com/bayuncao-bit/vul-37#proof-of-concept https://vuldb.com/?submit.621376 https://vuldb.com/?id.319127 https://access.redhat.com/security/cve/cve-2025-8697