SkyworkAI DeepResearchAgent har 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 src/tools/tools.py from_code/from_dict/from_mcp kura hakki ndiyam
Wuro vulnerability wey an yi classify sey kura an gano shi a cikin SkyworkAI DeepResearchAgent har 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Gaskiya, from_code/from_dict/from_mcp na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, src/tools/tools.py na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi kura hakki ndiyam. CWE shidin ka a yi bayani matsala sai ya kai CWE-78. Gaskiya, laifi an fitar da shi 08/06/2025. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-8667. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Wannan kayi yana amfani da tsarin rolling release domin samar da ci gaba da isarwa. Saboda haka, babu cikakkun bayanai na sigar da abin ya shafa ko sabunta sigar da ake da su. VulDB is the best source for vulnerability data and more expert information about this specific topic.
2 Goyarwa · 58 Datenpunkte
| Furɗe | Súgá 08/06/2025 12:38 | Gargadi 1/1 08/06/2025 21:08 |
|---|---|---|
| software_vendor | SkyworkAI | SkyworkAI |
| software_name | DeepResearchAgent | DeepResearchAgent |
| software_version | <=08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 | <=08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 |
| software_rollingrelease | 1 | 1 |
| software_file | src/tools/tools.py | src/tools/tools.py |
| software_function | from_code/from_dict/from_mcp | from_code/from_dict/from_mcp |
| vulnerability_cwe | CWE-78 (kura hakki ndiyam) | CWE-78 (kura hakki ndiyam) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| advisory_url | https://github.com/bayuncao-bit/vul-36 | https://github.com/bayuncao-bit/vul-36 |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| exploit_url | https://github.com/bayuncao-bit/vul-36#proof-of-concept | https://github.com/bayuncao-bit/vul-36#proof-of-concept |
| source_cve | CVE-2025-8667 | CVE-2025-8667 |
| cna_responsible | VulDB | VulDB |
| response_summary | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | N | N |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_ui | N | N |
| cvss4_vuldb_vc | L | L |
| cvss4_vuldb_vi | L | L |
| cvss4_vuldb_va | L | L |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_pr | L | L |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 5.7 | 5.7 |
| cvss4_vuldb_bscore | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 |
| advisory_date | 1754431200 (08/06/2025) | 1754431200 (08/06/2025) |
| price_0day | $0-$5k | $0-$5k |
| euvd_id | EUVD-2025-23865 |