CVE-2025-31693: Drupal AI Vulnerable to OS Command Injection

April 1, 2025 (updated April 15, 2025)

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

References

git.drupalcode.org/project/ai
github.com/advisories/GHSA-vx9m-rfxq-gr74
nvd.nist.gov/vuln/detail/CVE-2025-31693
www.drupal.org/sa-contrib-2025-022

Code Behaviors & Features

Detect and mitigate CVE-2025-31693 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →