Key Information

Description

Product: Automai Director
Affected Versions: < 25.2.0
Vulnerability Type: CWE-280: Improper Handling of Insufficient Permissions or Privileges
Risk Level: Critical - CVSS 3.1: 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Authentication: Required
Vendor URL: https://www.automai.com/
Vendor Acknowledged Vulnerability: Yes
Vendor Status: Fixed
CVE: CVE-2025-46066

Impact

A successful privilege escalation attack allows an attacker to gain unauthorized administrative access within the application.

Timeline

2025-04: Vulnerability reported to the vendor.
2025-05: Vendor published a fix for the issue.
2026-01: Information about the vulnerability is published.

Credits

Bastian Recktenwald @ ZeroBreach.de