{"id":9977,"date":"2025-08-06T13:45:42","date_gmt":"2025-08-06T13:45:42","guid":{"rendered":"http:\/\/localhost\/?p=9977"},"modified":"2025-08-06T13:45:42","modified_gmt":"2025-08-06T13:45:42","slug":"skyworkai-deepresearchagent-toolspy-frommcp-os-command-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9977","title":{"rendered":"SkyworkAI DeepResearchAgent tools.py from_mcp os command injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nSkyworkAI DeepResearchAgent tools.py from_mcp os command injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-06T18:02:05.465Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-06T18:02:05.465Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nSkyworkAI<\/td>\n<\/tr>\n
Product<\/th>\nDeepResearchAgent<\/td>\n<\/tr>\n
Version<\/th>\n08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in SkyworkAI’s DeepResearchAgent allows remote attackers to execute arbitrary OS commands via the tools.py file. This could lead to full system compromise. The vendor has not responded to disclosure attempts, and no patch is available. Users should exercise extreme caution.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nSkyworkAI<\/td>\n<\/tr>\n
AI Product<\/th>\nDeepResearchAgent<\/td>\n<\/tr>\n
AI Version<\/th>\nUnknown<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n