CVE-2025-8667

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in SkyworkAI DeepResearchAgent allows remote attackers to execute arbitrary operating system commands through command injection in the from_code/from_dict/from_mcp functions. The vulnerability affects all versions up to commit 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2, and organizations using this software with internet-facing deployments are at highest risk.

💻 Affected Systems

Products:
  • SkyworkAI DeepResearchAgent
Versions: All versions up to commit 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: The project follows a continuous delivery model, so specific version numbers are not available; compare your checkout's commit hash against the one listed above.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems in the network.

🟠 Likely Case

Unauthorized command execution leading to data exfiltration, system manipulation, or service disruption.

🟢 If Mitigated

Limited impact through proper network segmentation, input validation, and least privilege controls.

🌐 Internet-Facing: HIGH - Remote exploitation is possible, making internet-facing instances immediate targets.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Proof of concept is publicly available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Consider removing or replacing the software until the vendor provides a fix.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Implement strict input validation and sanitization for all parameters passed to the from_code/from_dict/from_mcp functions.

Network Access Restriction

Applies to: all

Restrict network access to DeepResearchAgent instances using firewall rules.

🧯 If You Can't Patch

  • Isolate affected systems in a segmented network zone with strict egress filtering
  • Implement application-level input validation and command whitelisting

🔍 How to Verify

Check if Vulnerable:

Check if your DeepResearchAgent commit hash is 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 or earlier

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify that input validation prevents command injection in from_code/from_dict/from_mcp functions
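As an added example (not part of this advisory or of the DeepResearchAgent project), the following POSIX shell check asks git whether the checkout is the listed commit or an ancestor of it, which is what "or earlier" means on the project's history, instead of reading `git log` by eye. It assumes git is installed and the clone carries full history; since no fixed commit is known, a checkout newer than the listed hash is not evidence of a fix, only of being outside the disclosed range.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a DeepResearchAgent
# checkout is the disclosed vulnerable commit or an ancestor of it.
# Assumes: git is installed and the checkout has its full history.

VULN_COMMIT="08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2"   # hash from the advisory

# is_vulnerable_checkout REPO_DIR [VULN_COMMIT]
#   returns 0 -> HEAD is the vulnerable commit or earlier (in the disclosed range)
#   returns 1 -> HEAD is newer than, or has diverged from, the vulnerable commit
#   returns 2 -> the vulnerable commit is not in this repository at all
is_vulnerable_checkout() {
    repo="$1"
    vuln="${2:-$VULN_COMMIT}"

    # Without the commit object the question cannot be answered
    # (shallow clone, a different fork, or a typo in the hash).
    git -C "$repo" cat-file -e "${vuln}^{commit}" 2>/dev/null || return 2

    # merge-base --is-ancestor A B exits 0 when A is B itself or an ancestor
    # of B, so this is exactly "HEAD is the vulnerable commit or earlier".
    if git -C "$repo" merge-base --is-ancestor HEAD "$vuln"; then
        return 0
    fi
    # A branch that forked off before the vulnerable commit also lands here;
    # treat "diverged" as undetermined rather than as safe.
    return 1
}

# Stand-alone use:  sh check_drа.sh /path/to/DeepResearchAgent
if [ $# -eq 1 ]; then
    is_vulnerable_checkout "$1"; rc=$?
    case $rc in
        0) echo "VULNERABLE: HEAD is $VULN_COMMIT or earlier" ;;
        1) echo "HEAD is newer than or has diverged from $VULN_COMMIT" ;;
        *) echo "cannot decide: $VULN_COMMIT is not present in $1" ;;
    esac
fi
```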

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Suspicious parameters in tool.py function calls
  • Unexpected process spawns

Network Indicators:

  • Unusual outbound connections from DeepResearchAgent instances
  • Command and control traffic patterns

SIEM Query:

Process creation events from DeepResearchAgent with unusual command-line arguments
