CVE-2025-2733

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in OpenManus allows remote attackers to execute arbitrary operating system commands through the Python execution component. It affects all OpenManus installations up to version 2025.3.13. Attackers can potentially gain full control of affected systems.

💻 Affected Systems

Products:
  • mannaandpoem OpenManus
Versions: All versions up to and including 2025.3.13
Operating Systems: Any OS running OpenManus
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Prompt Handler component in app/tool/python_execute.py. All deployments using vulnerable versions are affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to data exfiltration, system manipulation, or deployment of ransomware/cryptominers.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege, and command filtering are implemented.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: MEDIUM - Still significant risk from internal threats or compromised accounts, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed. The vulnerability is remotely exploitable without authentication, making it attractive for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor unresponsive

Vendor Advisory: None available

Restart Required: Yes

Instructions:

  1. Monitor vendor channels for an official patch.
  2. If a patch becomes available, download and apply it.
  3. Restart the OpenManus service.
  4. Verify that the fix has been applied.

🔧 Temporary Workarounds

Disable Python Execution Component (platform: linux)

Temporarily disable or remove the vulnerable python_execute.py component:

  mv /path/to/app/tool/python_execute.py /path/to/app/tool/python_execute.py.disabled
  systemctl restart openmanus

Implement Input Validation (platform: all)

Add strict input validation and sanitization for prompt handler inputs.

🧯 If You Can't Patch

  • Isolate OpenManus instances behind firewalls with strict network access controls
  • Implement application-level filtering to block suspicious command patterns in user inputs

🔍 How to Verify

Check if Vulnerable:

Check the OpenManus version with grep -r 'version' /path/to/openmanus/config/ or through your package manager. If the version is ≤ 2025.3.13, the system is vulnerable.

Check Version:

find / -name '*openmanus*' -type f -exec grep -l 'version' {} \; 2>/dev/null | head -5

Verify Fix Applied:

After applying the workarounds, confirm that the Python execution functionality is disabled and monitor for any command injection attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual python execution patterns
  • Suspicious system commands in OpenManus logs
  • Failed authentication attempts followed by command execution

Network Indicators:

  • Unexpected outbound connections from OpenManus server
  • Traffic to known malicious IPs

SIEM Query:

source="openmanus.log" AND ("python_execute" OR "os.system" OR "subprocess") AND (cmd=* OR exec=*)
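The SIEM query above re-expressed as a standalone log scanner, so it can be run against an exported log file or checked against sample lines. This is an added example, not part of the advisory or the OpenManus project; the log line format in the constructed sample is an assumption, and the source="openmanus.log" clause is left to the caller (whatever file or stream is passed to scan()).

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Terms taken from the advisory's SIEM query:
# ("python_execute" OR "os.system" OR "subprocess") AND (cmd=* OR exec=*)
KEYWORDS = ("python_execute", "os.system", "subprocess")
FIELD_RE = re.compile(r"(?<!\S)(cmd|exec)=(\S+)")


class Hit(NamedTuple):
    line_no: int
    keyword: str
    field: str
    value: str


def match_line(line_no: int, line: str) -> Optional[Hit]:
    """Return a Hit when the line satisfies both AND clauses of the query."""
    keyword = next((k for k in KEYWORDS if k in line), None)
    if keyword is None:
        return None                      # first clause fails: no keyword
    m = FIELD_RE.search(line)
    if m is None:
        return None                      # second clause fails: no cmd=/exec= field
    return Hit(line_no, keyword, m.group(1), m.group(2))


def scan(lines: Iterable[str]) -> List[Hit]:
    """Apply the query to an iterable of log lines (e.g. an open file)."""
    return [h for n, raw in enumerate(lines, 1)
            if (h := match_line(n, raw.rstrip("\n"))) is not None]


# Constructed sample log; the line format is assumed, not real OpenManus output.
SAMPLE_LOG = """\
2025-03-14T10:00:01Z INFO app.tool.python_execute run cmd=print(2+2)
2025-03-14T10:00:05Z INFO app.agent prompt received len=42
2025-03-14T10:00:09Z WARN subprocess spawned exec=/usr/bin/python3
2025-03-14T10:00:12Z INFO os.system mentioned in help text, no fields
2025-03-14T10:00:15Z INFO app.tool.python_execute run cmd=len(data)
"""


def scan_sample() -> List[Hit]:
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"line {hit.line_no}: {hit.keyword} with {hit.field}={hit.value}")
```

Note that the query matches every python_execute invocation that carries a cmd= or exec= field, benign or not, so treat its output as a triage feed to review rather than an alert on its own.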
