
CVE-2025-4261: Code Injection in GAIR-NLP factool

Severity: Medium
Published: Mon May 05 2025 (05/05/2025, 03:00:06 UTC)
Source: CVE
Vendor/Project: GAIR-NLP
Product: factool

Description

A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.

AI-Powered Analysis

Last updated: 07/07/2025, 00:55:34 UTC

Technical Analysis

CVE-2025-4261 is a code injection vulnerability in GAIR-NLP factool, a framework for fact-checking the output of large language models. It affects the function run_single in the file factool/factool/math/tool.py, the component that checks numerical and calculation claims. According to the CVE record, manipulation of the input processed by run_single leads to code injection: an attacker who can control the string that reaches this function can make the application execute attacker-chosen code with the privileges of the factool process.

The record does not name the injection sink. The pattern consistent with the description is a math-checking routine that hands a claim's calculation string to a Python evaluation primitive (eval, exec or an equivalent) without restricting it to arithmetic, so that any Python expression embedded in the "calculation" is executed; this is an inference from the description, not a statement in the record. Affected code is identified only by commit, "up to 3f3914bc090b644be044b7e0005113c135d8b20f", because the project uses rolling releases rather than tagged versions, and no fixed version is named. Deployments therefore have to be checked by commit rather than by version string, which complicates patch management.

The CVSS 4.0 base score is 4.8 (medium): attack vector local (AV:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity and availability. The VulDB record nevertheless labels the issue "critical"; that label refers to the vulnerability class (code injection), not to the score, and the two should not be conflated. The local vector reflects the assumption that the attacker supplies the input on the same host. One caveat for deployments that run factool as a service: if the expression passed to run_single is derived from content the tool is asked to check, for example model output produced from untrusted text, the practical reachability of the sink depends on that data path and may be wider than AV:L suggests. A public exploit has been disclosed, per the record, although no exploitation in the wild has been observed; public details lower the bar for future exploitation. Organizations using GAIR-NLP factool should identify the commit they run and watch the upstream repository for a fix.

Potential Impact

The impact of CVE-2025-4261 on European organizations depends on how factool is deployed. Where several users, or untrusted users, can run code on the host, or where the strings that reach run_single are derived from data those users control, the flaw allows them to execute arbitrary code in the context of the factool process, which can then be used to tamper with data, disrupt the service or pivot to other internal systems. Because the CVSS vector is local with low privileges, a remote network attacker has no direct path to the flaw, so organizations with tight host access controls face lower risk. The confidentiality and availability impact is rated low, but any code execution primitive can be chained into privilege escalation or persistence if the process runs with more rights than it needs. The rolling-release model adds an operational problem: without version tags, inventory tools cannot distinguish a vulnerable checkout from a fixed one, so unpatched copies are easy to overlook. Research groups and AI/NLP teams in Europe that use GAIR-NLP factool should assess their exposure. The medium score reflects the access requirements, not the severity of what injected code can do once those requirements are met.

Mitigation Recommendations

1. Restrict local access to hosts running GAIR-NLP factool to trusted, authorized personnel, and run the factool process under a dedicated low-privilege account so that injected code inherits as few rights as possible.
2. Treat every string that reaches run_single as untrusted. If the sink is dynamic evaluation of a math expression (the pattern the description implies), replace it with a restricted evaluator that accepts only numeric literals, arithmetic and comparisons, or execute it in a sandbox with no filesystem or network access.
3. Track the upstream repository for a fix: the record names only the affected commit (3f3914bc090b644be044b7e0005113c135d8b20f) and no fixed version, so record the exact commit of each deployed checkout so it can be compared once a fix lands.
4. Audit deployed factool installations regularly by commit rather than by version string, and remediate vulnerable instances promptly.
5. Use application allowlisting and runtime application self-protection (RASP) to detect and block unexpected process spawns or module imports from within the application.
6. Deploy endpoint detection and response (EDR) tooling to alert on suspicious local activity, such as a Python process that checks claims suddenly spawning a shell.
7. Educate local users on the risks of feeding untrusted content or commands into the tool.
8. Where feasible, isolate hosts running factool in a segmented network zone to limit lateral movement after a compromise.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-05-04T18:07:06.227Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682d981fc4522896dcbdc7cf

Added to database: 5/21/2025, 9:08:47 AM

Last enriched: 7/7/2025, 12:55:34 AM

Last updated: 8/12/2025, 12:51:23 AM

