CVE-2025-46066

9.9 CRITICAL

📋 TL;DR

A privilege escalation vulnerability in Automai Director v.25.2.0 allows remote attackers to gain elevated privileges on affected systems. This affects organizations using Automai Director for automation and orchestration. Attackers can potentially take full control of the application and underlying systems.

💻 Affected Systems

Products:
  • Automai Director
Versions: v.25.2.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Automai Director v.25.2.0 are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise, allowing the attacker to execute arbitrary code, access sensitive data, and pivot to other network resources.

🟠 Likely Case: Unauthorized administrative access to Automai Director, leading to data theft, configuration manipulation, and disruption of automated processes.

🟢 If Mitigated: Limited impact where network segmentation, strong authentication, and monitoring are in place.

🌐 Internet-Facing: HIGH - Remote exploitation capability makes internet-facing instances particularly vulnerable to attack.
🏢 Internal Only: HIGH - Even internally accessible instances are at significant risk from insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes (a GitHub gist; no URL is given on this page)
Weaponized: LIKELY (unconfirmed; inferred from the public PoC, not from observed attacks)
Unauthenticated Exploit: ⚠️ Yes (unconfirmed; see the note below)
Complexity: LOW

The GitHub gist contains technical details that could facilitate exploitation. CWE-280 (Improper Handling of Insufficient Permissions or Privileges) describes an authorization flaw: the application fails to correctly handle a caller that lacks the required privileges, so a low-privileged user can end up performing privileged actions. That is a privilege-manipulation pattern, not a memory-corruption or injection bug. Note also that a 9.9 base score under CVSS v3.1 is consistent with a vector that requires low privileges (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H); a fully unauthenticated, scope-changed remote compromise would score 10.0. Treat the "unauthenticated" flag above as unverified until a vendor or NVD vector is published.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.automai.com/

Restart Required: Yes

Instructions:

1. Contact Automai support for patch availability.
2. Apply any available security updates.
3. Restart Automai Director services after patching.

🔧 Temporary Workarounds

Network Isolation (all platforms)

Restrict network access to Automai Director to trusted IP addresses and networks only. Use host or perimeter firewall rules to limit inbound connections to specific source IPs.

Enhanced Monitoring (all platforms)

Implement strict logging and alerting for privilege escalation attempts. Configure audit logging for all authentication and authorization events, including role and permission changes.

🧯 If You Can't Patch

  • Isolate the system in a dedicated network segment with strict access controls
  • Implement multi-factor authentication and principle of least privilege for all user accounts

🔍 How to Verify

Check if Vulnerable / Check Version:

Check the Automai Director version in the administration console, web interface, or configuration files. If the version is 25.2.0, the system is vulnerable.

Verify Fix Applied:

Verify that the version has been updated to a release the vendor identifies as patched (not 25.2.0) and confirm, in a test environment, that a low-privileged account can no longer reach administrative functions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events
  • Multiple failed authentication attempts followed by successful admin access
  • User account modifications from unexpected sources

Network Indicators:

  • Unusual outbound connections from the Automai Director server
  • Repeated requests to the Automai Director management interface from a single source in quick succession (automated exploitation attempts)

SIEM Query (illustrative; field names depend on how the Automai Director logs are ingested into your SIEM):

source="automai_director" AND (event_type="privilege_escalation" OR user_role_change="admin")
