An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file
Published:
11 January 2026 at 23:00:00
Alert date:
12 January 2026 at 18:02:27
Source:
nvd.nist.gov
Enterprise Applications
CVE-2025-46067 is a vulnerability in Automai Director version 25.2.0 that allows remote attackers to escalate privileges and obtain sensitive information through a crafted JavaScript file. This vulnerability poses a high risk as it enables both privilege escalation and sensitive information disclosure. The vulnerability affects Automai Director, which appears to be an automation or management platform. Additional research and proof-of-concept details are available through ZeroBreach GmbH's GitHub repository.
Technical details
Mitigation steps:
Affected products:
Automai Director
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-46067
https://gist.github.com/ZeroBreach-GmbH/98204cff0065e611cf9e9acc3be59e03
https://www.automai.com/
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.