Director
CVE-2025-46068
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism
AnalysisAI
Director versions up to 25.2.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Technical ContextAI
This vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) affects Director. in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism
RemediationAI
Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.
Automai Director v25.2.0 allows authenticated users to escalate to full administrative privileges with scope change (CVS
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information v
Share
External POC / Exploit Code
Leaving vuln.today