CVE-2025-68952: CWE-94: Improper Control of Generation of Code ('Code Injection') in eigent-ai eigent
Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction (1-click). This issue has been patched in version 0.0.61.
AI Analysis
Technical Summary
CVE-2025-68952 is a critical vulnerability in Eigent version 0.0.60, a multi-agent workforce automation product from eigent-ai. It is classified as CWE-94 (Improper Control of Generation of Code), which in this case manifests as remote code execution (RCE). The advisory describes it as a "1-click" RCE: an attacker who can get a victim to perform a single interaction with attacker-controlled content can run arbitrary code on the victim's machine or server, with the privileges of the Eigent process, and potentially take full control of the host. The vulnerability carries a CVSS 4.0 base score of 9.3 (critical), reflecting a network attack vector, no privileges required, a single user interaction, and high impact on confidentiality, integrity and availability. It was published on December 27, 2025 and is fixed in Eigent 0.0.61. No exploitation in the wild has been reported, but the low effort required of the attacker (one click from the victim) makes it a high-risk issue. The advisory does not describe the injection point; the CWE-94 classification indicates that attacker-influenced input reaches a code-generation or code-evaluation path without adequate validation. Every deployment of Eigent 0.0.60 is affected, particularly where the product handles untrusted content or is integrated into critical workflows.
Potential Impact
For European organizations the impact can be severe. Eigent is a multi-agent workforce automation tool and is likely embedded in operational, administrative or decision-making processes, so an RCE in it is a foothold into whatever those agents can reach. Exploitation could lead to full compromise of the host, exposure of the credentials and API keys the agents are configured with, data breaches, disruption of business operations and lateral movement within the network. Confidentiality is affected through data exfiltration, integrity through unauthorized code altering workflows or data, and availability through destructive payloads or denial of service. Because the attack needs only one interaction from the victim and no authentication, a phishing-style lure is enough to trigger it, so any instance that processes untrusted content is at risk. Organizations in sectors with high reliance on AI-driven automation, such as finance, manufacturing or public services, could face operational paralysis and GDPR consequences if personal data is exposed. The absence of known in-the-wild exploitation provides a window for proactive mitigation, but that could change quickly once details or a proof of concept circulate.
Mitigation Recommendations
European organizations should upgrade all Eigent installations from 0.0.60 to 0.0.61 or later immediately; this is the only complete fix. Where upgrading cannot happen right away, reduce exposure: restrict access to Eigent services with firewalls or a VPN, segment vulnerable instances from the rest of the network, and, because exploitation is 1-click, warn users not to open untrusted links, files or agent tasks in Eigent until it is patched. Run Eigent with the least privilege it needs so that code execution inside the process does not translate directly into host compromise. Deploy IDS/IPS and, where Eigent is fronted by HTTP, a web application firewall to detect or block anomalous code-injection payloads, while recognizing that these are signature-dependent stopgaps rather than a fix. Review custom integrations or extensions for places where external input reaches code-generation or evaluation paths. Monitor Eigent and host logs for unexpected child processes, outbound connections or file changes that would indicate exploitation. Keep incident response plans current and tested, and follow eigent-ai's advisories for further updates.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-26T16:46:35.335Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 694f5b38b11716a1460d26a7
Added to database: 12/27/2025, 4:06:16 AM
Last enriched: 12/27/2025, 4:06:53 AM
Last updated: 12/27/2025, 7:21:18 AM