Composio Command Execution Vulnerability in Tool Handling Functions

Vulnerability

A command execution vulnerability has been identified in Composio versions through 0.5.40. This issue arises in the 'composio_openai', 'composio_claude', and 'composio_julep' plugins, specifically within the 'handle_tool_calls' function. The vulnerability allows for arbitrary command execution by injecting malicious input into tool calls, exploiting insufficient input validation.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the agent's local environment, potentially compromising the system's integrity and confidentiality.

Reproduction

The vulnerability can be reproduced by using the Composio toolset for OpenAI or Claude. After initializing the toolset and obtaining the appropriate tools, a prompt can be crafted to inject commands into the 'SHELLTOOL_SPAWN_PROCESS' function, which is designed to execute system commands. Once the injected command is executed, the output can be captured and verified.

Remediation

Users are advised to upgrade to Composio version 0.6.9 or later, where this vulnerability has been fixed.
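One way to act on the upgrade advice, as an added example (not from this advisory or the Composio project): it scans pinned requirements for Composio distributions and sorts each pin into affected (through 0.5.40), fixed (0.6.9 or later), or unlisted, because the advisory makes no statement about versions in between. The sample requirements text and the hyphenated distribution names in it are constructed assumptions.

```python
import re

LAST_AFFECTED = (0, 5, 40)   # advisory: affected "through 0.5.40"
FIRST_FIXED = (0, 6, 9)      # advisory: fixed in "0.6.9 or later"
PIN = re.compile(r"^\s*(composio(?:[-_.][A-Za-z0-9]+)*)\s*==\s*(\d+(?:\.\d+)*)(\S*)", re.I)
PRE = re.compile(r"[-_.]?(a|b|rc|dev)", re.I)   # pre-release / dev suffixes

def classify(version, suffix=""):
    """Return 'affected', 'fixed' or 'unlisted' for a pinned release."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))            # pad "0.6" to (0, 6, 0)
    if parts <= LAST_AFFECTED:
        return "affected"
    # A pre-release of the first fixed version (0.6.9rc1) sorts before 0.6.9.
    if parts > FIRST_FIXED or (parts == FIRST_FIXED and not PRE.match(suffix)):
        return "fixed"
    return "unlisted"   # the advisory is silent on this range: upgrade anyway

def audit(requirements_text):
    """Map each pinned composio distribution to its classification."""
    results = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0]            # drop trailing comments
        m = PIN.match(line)
        if m:
            # Normalize names so composio_openai and composio-openai compare equal.
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            results[name] = classify(m.group(2), m.group(3))
    return results

# Constructed sample requirements file; distribution names are assumptions.
SAMPLE = """\
openai==1.30.1
composio-core==0.7.2
composio_openai==0.5.12      # plugin named in the advisory
composio-claude==0.6.3
composio-julep==0.6.9rc1
"""

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:18} {verdict}")
```

Unpinned or range-constrained requirements are not matched; resolve them to exact versions (for example from a lockfile) before running the audit.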

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.