Automai Director Arbitrary Code Execution Vulnerability via Update Mechanism

Vulnerability

A vulnerability in Automai Director version 25.2.0 allows remote attackers to execute arbitrary code by exploiting the update mechanism. The update process fails to properly validate or restrict update sources and content, so attackers can inject system commands that are executed during updates. This vulnerability is classified as CWE-434: Unrestricted Upload of File with Dangerous Type, and it requires authentication to exploit.

Impact

Exploitation of this vulnerability allows for arbitrary code execution, which could lead to full system compromise, unauthorized data manipulation, or the installation of persistent malware.

Remediation

Users are advised to update to the latest version of Automai Director, as the vendor has acknowledged the vulnerability and released a fix.
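
The checks the description says are missing (restricting the update source and validating the update content) can be sketched as follows. This is an added example, not Automai's code or the vendor's fix; the host name, file name, key and manifest format are assumptions, and the HMAC tag stands in for the asymmetric signature a real updater would verify.

```python
import hashlib
import hmac
import json
import os
from urllib.parse import urlsplit

# Every name and value here is an assumption made for illustration.
ALLOWED_HOSTS = {"updates.vendor.example"}  # hypothetical update origin
ALLOWED_EXTENSIONS = {".zip"}  # data archive only, no scripts or executables
MANIFEST_KEY = b"constructed-demo-key"  # stand-in for a vendor signing key


def manifest_tag(manifest_bytes):
    """HMAC-SHA256 over the manifest (stand-in for a real signature check)."""
    return hmac.new(MANIFEST_KEY, manifest_bytes, hashlib.sha256).hexdigest()


def validate_update(url, filename, payload, manifest_bytes, tag):
    """Return the reasons to reject an update; an empty list means accept."""
    reasons = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        reasons.append("untrusted source")
    # Refuse path components and any type outside the allow-list (CWE-434).
    ext = os.path.splitext(filename)[1].lower()
    if "/" in filename or "\\" in filename or ext not in ALLOWED_EXTENSIONS:
        reasons.append("disallowed file name or type")
    # Authenticate the manifest before trusting any digest inside it.
    if not hmac.compare_digest(manifest_tag(manifest_bytes), tag):
        reasons.append("manifest not authentic")
        return reasons
    expected = json.loads(manifest_bytes).get(filename)
    actual = hashlib.sha256(payload).hexdigest()
    if expected is None or not hmac.compare_digest(expected, actual):
        reasons.append("content digest mismatch")
    return reasons


# Constructed sample data: a fake archive and the manifest that describes it.
GOOD_PAYLOAD = b"PK\x03\x04 constructed update archive"
MANIFEST = json.dumps(
    {"director-update.zip": hashlib.sha256(GOOD_PAYLOAD).hexdigest()}
).encode()
TAG = manifest_tag(MANIFEST)

if __name__ == "__main__":
    good_url = "https://updates.vendor.example/director-update.zip"
    print(validate_update(good_url, "director-update.zip", GOOD_PAYLOAD, MANIFEST, TAG))
```

The update is applied only when the returned list is empty; any single failed check is enough to discard the package.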

Added: Jan 12, 2026, 5:23 PM
Updated: Jan 12, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 0.0
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.