Vulnerability Database

318,275

Total vulnerabilities in the database

CVE-2025-31692

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

Published: Apr 1, 2025
Updated: Jan 19, 2026
CVE: CVE-2025-31692
GHSA: GHSA-pwjq-fx3v-8f9r
Severity: Medium
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
drupal / ai	-	1.0.5
drupal / artificial_intelligence	-	1.0.5

https://www.drupal.org/sa-contrib-2025-021

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo