Cyber Posture

CVE-2025-46066

Critical

Published: 12 January 2026

Modified: 21 January 2026
KEV Added
Patch
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges.

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SI-2 requires timely flaw remediation, directly addressing CVE-2025-46066 by applying vendor patches to fix the privilege escalation vulnerability in Automai Director v25.2.0.

Prevent: AC-6 enforces the principle of least privilege, preventing low-privileged remote attackers from escalating privileges due to improper handling of credentials as in this CVE.

Prevent: AC-3 mandates enforcement of approved access authorizations, countering the improper privilege handling that enables remote escalation in CVE-2025-46066.

Security Summary [AI]

CVE-2025-46066 is a privilege escalation vulnerability affecting Automai Director version 25.2.0. The issue, classified under CWE-280 (Improper Handling of Insufficient Privileges or Credentials), enables a remote attacker to escalate privileges. It has a CVSS v3.1 base score of 9.9 (Critical), with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, low privileges required for initial access, no user interaction needed, a change in scope, and high impact on confidentiality, integrity, and availability.

A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network without user interaction. Successful exploitation allows privilege escalation, potentially leading to full system compromise given the high impact ratings and scope change (S:C), enabling unauthorized high-level access, data exfiltration, modification, or disruption.

Mitigation details are available in advisories from ZeroBreach-GmbH at https://gist.github.com/ZeroBreach-GmbH/4e325d09d08e16efb506076da2184f42 and on the vendor site at https://www.automai.com/. The vulnerability was published on 2026-01-12T17:15:50.700.

Details

CWE(s)

Affected Products

automai · director · 25.2.0

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE is explicitly a privilege escalation vulnerability (CWE-280) exploitable remotely with low privileges (PR:L), directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
