What is the CVSS score of CVE-2025-69443?

CVE-2025-69443 has a CVSS 3.1 base score of 6.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Archon CVE-2025-69443

EUVD-2025-209844 MEDIUM

Code Injection (CWE-94)

2026-05-14 cve@mitre.org

GHSA-9w6r-hr5j-2g2p

RCE Code Injection

6.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

May 15, 2026 - 15:23 vuln.today

CVSS changed

May 15, 2026 - 15:22 NVD

6.3 (MEDIUM)

CVE Published

May 14, 2026 - 15:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys.

AnalysisAI

Remote code execution in Archon 0.1.0 enables attackers to execute arbitrary commands and steal API keys when victims access a malicious HTML page. The attack exploits insufficient input validation (CWE-94) to control the Archon UI, run prompts on behalf of authenticated users, and exfiltrate all information displayed in the interface. With EPSS score of 0.04% (13th percentile) and no confirmed active exploitation, this represents a web-to-client attack requiring social engineering but offering significant post-exploitation capabilities once triggered.

Technical ContextAI

Archon is an AI-powered operating system and UI framework for orchestrating AI agent workflows. This vulnerability stems from improper neutralization of special elements used in a command (CWE-94), a code injection class that allows untrusted input to be interpreted as executable code. The attack vector exploits Archon's web-based interface processing, where crafted HTML content triggers command execution within the application context. The CVSS vector AV:N/AC:L indicates network-accessible exploitation with low complexity, though UI:R confirms required user interaction. The vulnerability allows cross-context exploitation where externally-controlled HTML can manipulate the Archon client's execution environment, suggesting inadequate sandboxing or origin validation in the application's web content handling.

RemediationAI

Upgrade to Archon version newer than 0.1.0 if available - consult the GitHub repository at https://github.com/coleam00/Archon for patched releases. As of analysis time, no specific fix version is independently confirmed. If upgrading is not immediately feasible, implement defense-in-depth controls: restrict Archon UI access to trusted internal networks only via firewall rules (note: this prevents legitimate remote access and may break workflows); configure Content Security Policy headers to block execution of external scripts and resources (trade-off: may interfere with legitimate third-party integrations); disable automatic HTML rendering features if Archon supports plaintext-only mode; segregate API keys into separate credential management systems rather than displaying them in the UI; implement browser isolation or sandboxing for any web-based Archon interfaces. Monitor application logs for unexpected command execution patterns or unauthorized prompt submissions. Given the early version (0.1.0) and lack of vendor advisory, consider evaluating alternative AI orchestration platforms for production workloads until the project matures with security-focused releases.

CVE-2025-69443 vulnerability details – vuln.today

Back