CVE-2025-46067

8.2 HIGH

📋 TL;DR

A vulnerability in Automai Director v.25.2.0 allows remote attackers to escalate privileges and access sensitive information by uploading a malicious JavaScript file. This affects organizations using Automai Director for automation and RPA workflows. Attackers can potentially gain administrative control over the system.

💻 Affected Systems

Products:
  • Automai Director
Versions: v.25.2.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of Automai Director v.25.2.0. Other versions may be affected but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with administrative access, data exfiltration, and lateral movement across connected systems.

🟠 Likely Case: Privilege escalation leading to unauthorized access to sensitive automation data, credentials, and business process information.

🟢 If Mitigated: Limited impact with proper file upload restrictions and privilege separation in place.

🌐 Internet-Facing: HIGH - Remote exploitation possible if system is exposed to internet.
🏢 Internal Only: HIGH - Internal attackers can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires file upload capability. The GitHub gist shows proof-of-concept details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.automai.com/

Restart Required: No

Instructions:

Check Automai website for security updates. No official patch confirmed as of analysis date.

🔧 Temporary Workarounds

Restrict JavaScript file uploads (all platforms)

Block upload of .js files through web application firewall or server configuration

Implement strict file type validation (all platforms)

Validate file extensions and MIME types before accepting uploads
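The two workarounds above describe an allowlist-based upload check. The following Python function is an added example written for this page, not code from Automai or from the advisory; the allowed types, blocked extensions and magic numbers are illustrative assumptions. It rejects blocked extensions anywhere in a double-extension name (so "report.js.png" and "evil.JS" both fail), requires the declared MIME type to agree with the extension, and confirms the leading bytes where a magic number is known.

```python
import posixpath

# Allowlist: only these extension/MIME pairs are accepted (assumed set for the example).
ALLOWED_TYPES = {
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
    ".jpeg": {"image/jpeg"},
    ".pdf": {"application/pdf"},
    ".csv": {"text/csv"},
}

# Extensions that must never appear anywhere in the filename, including as an
# inner component of a double extension such as "report.js.png".
BLOCKED_EXTENSIONS = {".js", ".mjs", ".html", ".htm", ".svg", ".exe"}

# Leading bytes that confirm the declared type (magic numbers).
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}


def validate_upload(filename: str, declared_mime: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Checks run cheapest first: name, extension, MIME, magic."""
    # Drop any path components so "..\\evil.js" cannot escape the upload directory.
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or base in {".", ".."} or "\x00" in base:
        return False, "invalid filename"

    # Collect every extension component: "a.js.png" -> [".js", ".png"].
    parts = base.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    if not exts:
        return False, "missing extension"
    if any(e in BLOCKED_EXTENSIONS for e in exts):
        return False, "blocked extension"

    final_ext = exts[-1]
    if final_ext not in ALLOWED_TYPES:
        return False, "extension not in allowlist"

    # The client-supplied Content-Type must agree with the extension...
    mime = declared_mime.split(";")[0].strip().lower()
    if mime not in ALLOWED_TYPES[final_ext]:
        return False, "MIME type does not match extension"

    # ...and the bytes must agree with the MIME type where a magic number exists.
    magic = MAGIC.get(mime)
    if magic is not None and not content.startswith(magic):
        return False, "content does not match declared type"

    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs for a quick manual run.
    print(validate_upload("helper.js", "application/javascript", b"alert(1)"))
    print(validate_upload("logo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
```

The order matters: the extension and MIME checks are cheap string comparisons, while the magic-number check reads the body and is reached only for names that have already passed the allowlist.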

🧯 If You Can't Patch

  • Isolate Automai Director systems from internet and restrict internal network access
  • Implement strict access controls and monitor for suspicious file upload activities

🔍 How to Verify

Check if Vulnerable:

Check Automai Director version in administration panel or configuration files

Check Version:

Check Automai Director web interface or consult installation documentation

Verify Fix Applied:

Verify version is updated beyond v.25.2.0 and test file upload restrictions

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads, especially .js files
  • Privilege escalation attempts in audit logs

Network Indicators:

  • Unexpected outbound connections from Automai Director
  • File upload requests to Automai endpoints

SIEM Query:

source="automai" AND (file_upload="*.js" OR privilege_change="admin")
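The log indicators and the SIEM query above can be exercised offline. This Python detector is an added example for this page, not Automai tooling; the key=value audit lines are constructed and the field names (source, event, user, file_upload, privilege_change) are assumed to mirror the SIEM query rather than any real Automai Director log format. It flags script uploads (any extension component, so "notes.JS.txt" counts), flags grants of admin privilege, and goes one step beyond the query by raising severity when the same user does both within a short window.

```python
import shlex
from datetime import datetime, timedelta

# Constructed sample audit log in key=value form; not real Automai Director output.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z source=automai event=file_upload user=alice file_upload="report.pdf"
2025-05-01T10:02:15Z source=automai event=file_upload user=bob file_upload="helper.js"
2025-05-01T10:02:40Z source=automai event=file_upload user=bob file_upload="notes.JS.txt"
2025-05-01T10:05:03Z source=automai event=privilege_change user=bob privilege_change=admin
2025-05-01T11:30:00Z source=automai event=privilege_change user=carol privilege_change=admin
2025-05-01T11:31:00Z source=other event=file_upload user=dave file_upload="x.js"
"""

SCRIPT_EXTENSIONS = {"js", "mjs"}
CORRELATION_WINDOW = timedelta(minutes=15)


def parse_line(line):
    """Parse 'timestamp key=value ...' into a dict; shlex handles quoted values."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for token in shlex.split(rest):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def is_script_upload(name):
    # Every extension component is checked, so double extensions are caught.
    return any(p.lower() in SCRIPT_EXTENSIONS for p in name.split(".")[1:])


def detect(log_text):
    """Return (severity, user, message) alerts for script uploads and admin grants,
    escalating to high when a user gains admin shortly after a script upload."""
    alerts = []
    last_script_upload = {}  # user -> timestamp of most recent script upload
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.get("source") != "automai":
            continue
        user = ev.get("user", "?")
        if ev.get("event") == "file_upload" and is_script_upload(ev.get("file_upload", "")):
            alerts.append(("medium", user, f"script upload {ev['file_upload']}"))
            last_script_upload[user] = ev["ts"]
        elif ev.get("event") == "privilege_change" and ev.get("privilege_change") == "admin":
            last = last_script_upload.get(user)
            if last is not None and ev["ts"] - last <= CORRELATION_WINDOW:
                alerts.append(("high", user, "admin grant within 15 min of script upload"))
            else:
                alerts.append(("medium", user, "privilege changed to admin"))
    return alerts


if __name__ == "__main__":
    for severity, user, message in detect(SAMPLE_LOG):
        print(f"[{severity}] {user}: {message}")
```

The correlation step is what the single SIEM query cannot express: a lone admin grant is routine change management, but one that follows a script upload by the same account is the sequence the TL;DR describes and deserves a higher-severity alert.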
