VYPR
Moderate severity · NVD Advisory · Published Mar 31, 2025 · Updated Apr 3, 2025

AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021

CVE-2025-31692

Description

Critical OS command injection in Drupal AI module (CVE-2025-31692) allows remote code execution via insufficiently sanitized input in the AI Automators submodule.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability Type and Root Cause

CVE-2025-31692 is an OS command injection vulnerability in the AI module for Drupal, affecting versions before 1.0.5. The AI Automators submodule fails to properly sanitize user-supplied input before passing it to the underlying shell for execution as part of a command [1][2]. This results in an improper neutralization of special elements, enabling an attacker to inject arbitrary operating system commands.

Attack Vector and Prerequisites

The vulnerability is present in optional Automator Types within the AI Automators (sub)module [2]. An attacker must be able to supply input to the vulnerable command execution logic, likely requiring some level of authentication or specific Drupal permissions to access the automator functionality. The attack can be performed over the network, and no user interaction is required beyond the attacker's actions.

Impact

Successful exploitation allows an attacker to execute arbitrary OS commands on the underlying server, leading to full remote code execution. This can result in complete compromise of the Drupal site, including data theft, site defacement, or use of the server for further attacks. The CVSS v4 score has not yet been assigned by NVD, but the Drupal security advisory rates this as Critical [2].

Mitigation

The Drupal Security Team has released AI version 1.0.5 which fixes the issue [2]. Users running any version before 1.0.5 should update immediately. The vulnerability affects Drupal CMS installations that include the AI module and its AI Automators submodule. There are no known workarounds, making upgrading the only reliable mitigation.
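
To act on the upgrade advice above, the following added example (not code from the advisory or from the Drupal AI project) scans a Composer lock file for `drupal/ai` and classifies the locked version against the 1.0.5 fix. The sample lock content is constructed, and treating a pre-release of 1.0.5 as affected is a conservative assumption.

```python
import json
import re
import sys

PACKAGE = "drupal/ai"   # Packagist name listed in the advisory
FIXED = (1, 0, 5)       # first patched release listed in the advisory
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-?(?:alpha|beta|rc|dev)[\w.]*)?$", re.I)

def classify(raw_version):
    """Return 'affected', 'patched' or 'unknown' for one locked version string."""
    m = _VERSION.match(raw_version.strip())
    if not m:
        # Branch aliases such as 'dev-1.0.x' or '1.0.x-dev' carry no fixed
        # release number, so they need a manual look at the locked commit.
        return "unknown"
    core = tuple(int(p) for p in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    # Assumption: a pre-release of the fixed version (e.g. 1.0.5-rc1) is
    # treated as affected, because it may predate the fix.
    if core < FIXED or (core == FIXED and prerelease):
        return "affected"
    return "patched"

def check_lock(lock_text):
    """Scan composer.lock content; return [(section, version, status), ...]."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                findings.append((section, version, classify(version)))
    return findings

# Constructed sample lock file (not taken from a real site).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.4.1"},
        {"name": "drupal/ai", "version": "1.0.4"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LOCK
    results = check_lock(text)
    for section, version, status in results:
        print(f"{PACKAGE} {version} ({section}): {status}")
    # Non-zero exit when anything is affected or needs manual review.
    sys.exit(1 if any(s != "patched" for _, _, s in results) else 0)
```

The lock file shows only which code version is installed; whether the AI Automators submodule is enabled has to be checked on the site itself.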

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                  Affected versions   Patched versions
drupal/ai (Packagist)    < 1.0.5             1.0.5


References

3
