Skip to main content

Ai Bolit CVE-2025-65530

HIGH
Eval Injection (CWE-95)
2025-12-12 cve@mitre.org
8.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 05, 2026 - 03:23 vuln.today
CVE Published
Dec 12, 2025 - 16:15 cve.org
HIGH 8.8

DescriptionCVE.org

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.

AnalysisAI

Arbitrary root file overwrite in CloudLinux ai-bolit before v32.7.4 occurs when the scanner's malware de-obfuscation routines evaluate attacker-controlled content, enabling code injection that runs with the scanner's root privileges. A crafted file placed where ai-bolit will scan it triggers the flaw, letting an attacker overwrite arbitrary files as root and effectively take over the host. There is no public exploit identified at time of analysis, EPSS risk is modest (0.29%, 21st percentile), and it is not listed in CISA KEV.

Share

CVE-2025-65530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy