Cyber Posture

CVE-2025-12345

High

Published: 03 March 2026

Modified: 22 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mandates timely identification, reporting, and remediation of software flaws like this buffer overflow via vendor patches.

prevent

Implements memory protection mechanisms such as stack guards, non-executable memory, and address space randomization to block buffer overflow exploitation.

prevent

Requires input validation at the agent_deploy_init function interface to restrict operations within memory buffer bounds and prevent overflow from manipulated data.

Security Summary (AI)

CVE-2025-12345 is a buffer overflow vulnerability affecting LLM-Claw versions 0.1.0, 0.1.1, 0.1.1a, and 0.1.1a-p1. The issue resides in the agent_deploy_init function within the file /agents/deploy/initiate.c of the Agent Deployment component. Manipulation of this function triggers the buffer overflow, which is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability was published on 2026-03-03 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability is remotely exploitable over the network with low complexity and no user interaction required, but it does necessitate low privileges (PR:L) for successful exploitation. An attacker with such access could manipulate the affected function to trigger the buffer overflow, potentially achieving high impacts on confidentiality, integrity, and availability. This could enable arbitrary code execution, data corruption, or denial of service on the targeted system.

Advisories, including those from VulDB (https://vuldb.com/?ctiid.348531 and https://vuldb.com/?id.348531), recommend applying a vendor-provided patch to remediate the issue.

LLM-Claw's focus on agent deployment suggests relevance to AI/ML environments, where autonomous agents powered by large language models may be deployed, potentially exposing infrastructure to this flaw in early versions. No real-world exploitation has been reported.

Details

CWE(s)

AI Security Analysis (AI)

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: llm

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services (Tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Buffer overflow vulnerability remotely exploitable with low privileges (PR:L), enabling arbitrary code execution for privilege escalation (T1068) and exploitation of remote services (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
