Aperi'Solve versions before 3.2.1 allow an unauthenticated attacker to inject OS commands via an unsanitized password parameter passed into an expect command executed by bash. This leads to root-level remote code execution inside the worker container. The container's network configuration with unauthenticated PostgreSQL and Redis services allows attackers to escalate their impact by accessing databases and manipulating job queues. Presence of Docker socket or host volume mounts can further escalate this to full host compromise. The vulnerability is identified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and has a CVSS 4.0 base score of 9.3, indicating critical severity. The issue is resolved in Aperi'Solve version 3.2.1.

An unauthenticated attacker can achieve root-level remote code execution inside the worker container, gaining full read/write access to user-uploaded images, analysis results, and plaintext steganography passwords stored on disk. The attacker can pivot to unauthenticated PostgreSQL and Redis services on the same Docker network to dump databases or manipulate job queues, affecting other users' data integrity. If Docker socket or host volume mounts are present, the attacker can escalate to full host compromise, including website defacement.

This vulnerability is fixed in Aperi'Solve version 3.2.1. Users should upgrade to version 3.2.1 or later to remediate this issue. No official patch or temporary fix is indicated beyond upgrading. Since this is not a cloud service, remediation depends on user action to update the software.