CVE-2025-31692: Drupal AI Vulnerable to OS Command Injection via Optional Automator Types

April 1, 2025 (updated April 2, 2025)

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

References

git.drupalcode.org/project/ai
github.com/advisories/GHSA-pwjq-fx3v-8f9r
nvd.nist.gov/vuln/detail/CVE-2025-31692
www.drupal.org/sa-contrib-2025-021

Code Behaviors & Features

Detect and mitigate CVE-2025-31692 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →