Unrated severityNVD Advisory· Published Jul 22, 2025· Updated Jul 22, 2025

CVE-2025-51472

Description

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

Affected products

TransformerOptimus/SuperAGIdescription
TransformerOptimus/Superagillm-fuzzy
Range: =0.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/TransformerOptimus/SuperAGI/pull/1461mitre
www.gecko.security/blog/cve-2025-51472mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000