CRITICAL🇵🇱 Wersja polska

CVE-2025-46070

CVSS 9.8v3.1pub. 2026-01-12upd. 2026-01-21

An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component

🤖 AI Analysis
How it works

A vulnerability classified as CWE-295 (improper certificate verification) is present in the BotManager.exe component of the Automai BotManager application. Improper certificate validation can allow an attacker to conduct a man-in-the-middle attack or substitute a malicious endpoint, which consequently leads to arbitrary code execution. The vulnerability is remotely exploitable, without authentication and without user interaction.

Impact

An attacker can remotely execute arbitrary code on the victim's system, leading to complete loss of system control, data breaches, and service disruption.

Mitigation & patch

Patches available from the vendor should be applied according to references. It is recommended to monitor official communications on https://www.automai.com/ and apply updates immediately upon release. Until a patch is available, network access to the BotManager.exe component should be restricted to trusted hosts only.

Who is affected

Automai BotManager version 25.2.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Automai Botmanager

    APP
    Automai
    25.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-46066CRITICAL9.9PL ✓ten sam vendor

Privilege escalation w Automai Director v.25.2.0

CVE-2025-46067HIGH8.2ten sam vendor

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive inf...

CVE-2025-46068HIGH8.8ten sam vendor

An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechan...