Vulnerability Database

300,926

Total vulnerabilities in the database

CVE-2025-51472

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

Published: Jul 22, 2025
Updated: Jul 23, 2025
CVE: CVE-2025-51472
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://github.com/TransformerOptimus/SuperAGI
https://github.com/TransformerOptimus/SuperAGI/pull/1461
https://www.gecko.security/blog/cve-2025-51472

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo