PlotAI eval vulnerability

GHSA-2hmp-5wqg-f24h · CVE-2025-1497 · PYSEC-2025-22

Published Mar 10, 2025 · Modified Oct 3, 2025

Description

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. PlotAI commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-1497
WEB https://github.com/mljar/plotai/commit/bdcfb13484f0b85703a4c1ddfd71cb21840e7fde
WEB https://cert.pl/en/posts/2025/03/CVE-2025-1497
WEB https://cert.pl/posts/2025/03/CVE-2025-1497
PACKAGE https://github.com/mljar/plotai
WEB https://github.com/pypa/advisory-database/tree/main/vulns/plotai/PYSEC-2025-22.yaml

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes