CVE-2025-68952

Critical

Published: 27 December 2025

Published

27 December 2025

Modified

19 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0049 65.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction (1-click).…

This issue has been patched in version 0.0.61.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely flaw remediation through applying the patch in Eigent version 0.0.61 directly eliminates the specific RCE vulnerability.

SI-10 Information Input Validation good match

prevent

Information input validation prevents code injection (CWE-94) by sanitizing untrusted inputs in the vulnerable 1-click interaction.

SI-16 Memory Protection partial match

prevent

Memory protection mechanisms like ASLR and DEP mitigate arbitrary code execution resulting from successful injection exploits.

Security SummaryAI

CVE-2025-68952 is a 1-click remote code execution (RCE) vulnerability in Eigent, a multi-agent Workforce software. The issue affects version 0.0.60 and is classified under CWE-94 (Code Injection). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its network-accessible nature, low attack complexity, and lack of required privileges or user interaction.

An unauthenticated remote attacker can exploit this vulnerability through a specific 1-click interaction to execute arbitrary code on the victim's machine or server. Successful exploitation grants high-impact access, potentially compromising confidentiality, integrity, and availability by allowing full control over the affected system.

The vulnerability has been patched in Eigent version 0.0.61. Additional details on the issue and mitigation are available in the GitHub security advisory at https://github.com/eigent-ai/eigent/security/advisories/GHSA-pwcx-28p4-rmq4.

Details

CWE(s): CWE-94

Affected Products

eigent

0.0.60

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote code execution vulnerability in public-facing workforce software directly enables exploitation of public-facing applications (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/eigent-ai/eigent/security/advisories/GHSA-pwcx-28p4-rmq4
Vendor Advisory · security-advisories@github.com