
CVE-2025-5151 – defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
https://notcve.org/view.php?id=CVE-2025-5151
25 May 2025 — A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. It affects the function execute_analysis_code_safely in the file introspect/backend/tools/analysis_tools.py. Manipulation of the argument "code" leads to code injection. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used.
Reference: https://github.com/defog-ai/introspect/issues/495
Weaknesses: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-4767 – defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection
https://notcve.org/view.php?id=CVE-2025-4767
16 May 2025 — A vulnerability was found in defog-ai introspect up to 0.1.4 and has been rated as critical. It affects the function test_custom_tool in the file introspect/backend/integration_routes.py of the component Test Endpoint. Manipulation of the argument "input_model" leads to code injection. The attack requires local access.
Reference: https://github.com/defog-ai/introspect/issues/496
Weaknesses: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')