CVE-2025-46070 & CVE-2025-46066: Critical Automai Vulnerabilities Enable Remote Code Execution and Full Administrative Compromise

Vendor: Automai
Affected Products: Automai BotManager, Automai Director
Affected Version: 25.2.0
Risk Level: Critical
Attack Surface: Network / Application / Privilege Management


Executive Summary

Two critical security vulnerabilities have been identified in Automai automation products. Exploited individually or in combination, these flaws can result in full system compromise, including remote code execution and administrator-level privilege escalation.

These vulnerabilities are particularly dangerous because Automai components often run with elevated permissions and are embedded deep within enterprise automation environments.

Immediate defensive action and monitoring are strongly advised until an official vendor patch is applied.


Affected Products and Components

Product             | Component                   | Description
Automai BotManager  | BotManager.exe              | Core automation execution service
Automai Director    | Web / Orchestration Engine  | Central management and workflow control

CVE-2025-46070

Automai BotManager — Remote Code Execution

Vulnerability Type

  • Remote Code Execution (RCE)
  • Command Injection

Severity

  • Critical (CVSS ~9.8–10.0)

Attack Prerequisites

  • Network access to the BotManager service
  • No authentication required in common deployment scenarios

Technical Description

Automai BotManager improperly validates incoming data used during task execution or update-related communication. User-supplied input is passed directly into system-level execution functions without sufficient sanitization.

As a result, attackers can inject operating system commands into otherwise legitimate requests. The service executes these commands with the privileges of the BotManager service account, which is frequently SYSTEM or Administrator.


Exploitation Flow

  1. Attacker identifies a host running Automai BotManager.
  2. A crafted network request is sent containing embedded shell commands.
  3. BotManager parses the request without validation.
  4. Injected commands are executed directly by the operating system.
  5. Attacker gains persistent access, installs backdoors, or pivots laterally.

Impact

  • Full takeover of the automation host
  • Arbitrary command execution
  • Credential theft
  • Persistence via services or scheduled tasks
  • Lateral movement across the environment

Proof-of-Concept Status

  • Public proof-of-concept material exists.
  • Exploitation techniques are publicly documented.
  • PoC usage should be restricted to educational and defensive research purposes.

Detection and Monitoring

Primary Indicators of Compromise

  • BotManager spawning unexpected child processes
  • Execution of cmd.exe, powershell.exe, wmic.exe, or scripting engines
  • Creation of scheduled tasks or new services
  • Unexpected outbound network connections
  • Suspicious command-line arguments containing separators or encoded payloads

Splunk Detection Logic

Process Execution Detection

index=windows EventCode=4688
Parent_Process_Name="*BotManager.exe"
(New_Process_Name="*cmd.exe" OR New_Process_Name="*powershell.exe" OR New_Process_Name="*wmic.exe")
| stats count by host, Parent_Process_Name, New_Process_Name, Command_Line

Suspicious Command Line Injection

index=windows EventCode=4688
Parent_Process_Name="*BotManager.exe"
(Command_Line="*;*" OR Command_Line="*&*" OR Command_Line="*|*" OR Command_Line="*-EncodedCommand*")
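The same two detections, applied offline to process-creation records, as an added example that is not part of the original advisory or of Automai's software; the event shape, field names and the install path in the sample telemetry are assumptions:

```python
"""Detection example for the BotManager RCE pattern: flag process-creation
events (4688 / Sysmon 1 style) where BotManager.exe spawns a shell or scripting
engine, and raise severity when the command line carries injection markers
(separators, encoded PowerShell). Added illustration, not Automai code; the
event shape and field names are assumed."""
import re
from dataclasses import dataclass
from typing import List, Optional

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wmic.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Markers that typically appear when one command string has been spliced into another.
INJECTION_MARKERS = [
    (re.compile(r"[;&|]"), "separator"),
    (re.compile(r"-e(nc(odedcommand)?)?\s", re.I), "encoded-command"),
    (re.compile(r"\$\(|`"), "subshell"),
]

@dataclass
class ProcessEvent:
    host: str
    parent: str     # full path of the parent image
    image: str      # full path of the new process
    cmdline: str

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def assess(ev: ProcessEvent) -> Optional[dict]:
    """Return a finding when BotManager.exe spawned a shell, else None."""
    if basename(ev.parent) != "botmanager.exe" or basename(ev.image) not in SHELLS:
        return None
    reasons = [label for rx, label in INJECTION_MARKERS if rx.search(ev.cmdline)]
    # A shell child of BotManager is reviewable on its own; injection markers push it to high.
    severity = "high" if reasons else "medium"
    return {"host": ev.host, "child": basename(ev.image), "severity": severity, "reasons": reasons}

def hunt(events: List[ProcessEvent]) -> List[dict]:
    return [f for f in (assess(e) for e in events) if f]

# Constructed sample telemetry (paths and payload are placeholders), not real logs.
SAMPLE = [
    ProcessEvent("bot01", r"C:\Automai\BotManager.exe", r"C:\Windows\System32\cmd.exe",
                 r'cmd.exe /c "run.bat & powershell -enc AAAA"'),
    ProcessEvent("bot01", r"C:\Automai\BotManager.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    ProcessEvent("bot02", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcessEvent("bot03", r"C:\Automai\BotManager.exe", r"C:\Windows\System32\wmic.exe", "wmic.exe os get caption"),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE):
        print(finding)
```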

Log Source Requirements

Log Source                    | Purpose
Windows Security Logs (4688)  | Process creation visibility
Sysmon (Event ID 1, 3)        | Child processes and network connections
Automai Application Logs      | Error messages and execution traces
Firewall / Proxy Logs         | Suspicious inbound and outbound traffic
EDR Telemetry                 | Behavioral detection and alerting

Interim Mitigation (Until Patch)

  • Restrict network access to BotManager
  • Enforce outbound allow-listing
  • Run service under least-privileged account
  • Enable aggressive process execution monitoring
  • Isolate affected systems if suspicious activity is detected

Official Patch / Upgrade

Apply only the official vendor update when released:
https://www.automai.com/


CVE-2025-46066

Automai Director — Privilege Escalation


Vulnerability Type

  • Privilege Escalation
  • Improper Access Control

Severity

  • Critical (CVSS ~9.9)

Attack Prerequisites

  • Low-privileged authenticated access or internal foothold

Technical Description

Automai Director does not consistently enforce authorization checks for sensitive administrative actions. Certain crafted requests or workflow interactions allow users with limited privileges to execute actions reserved for administrators.

Once elevated, attackers can fully control automation workflows, modify jobs, execute commands indirectly, and access sensitive orchestration data.


Exploitation Flow

  1. Attacker gains a basic Director user account.
  2. Crafted requests bypass role validation.
  3. User privileges are escalated silently.
  4. Administrative capabilities are abused for persistence or execution.

Impact

  • Unauthorized administrative access
  • Workflow and job manipulation
  • Indirect command execution
  • Data exposure and system compromise

Proof-of-Concept Status

  • Publicly documented exploitation techniques exist
  • Use limited to defensive testing and research only

Detection and Monitoring

Indicators of Exploitation

  • Non-admin users performing admin-only actions
  • Sudden role changes without approval
  • Unapproved automation job modifications
  • Unexpected script uploads or workflow changes

Splunk Detection Logic

Privilege Escalation Detection

index=automai
event_type="role_change"
new_role="admin"
previous_role!="admin"
| stats count by user, host, _time

Unauthorized Administrative Action

index=automai
user_role!="admin"
(action="create_job" OR action="modify_workflow" OR action="upload_script")
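The two Director detections above, replayed over an audit trail with one refinement a hunter would want: a role change is only trusted when an admin makes it for another user, so a self-promoted account keeps tripping the admin-action rule afterwards. This is an added example, not part of the original advisory or of Automai's software; the JSON event layout and field names are assumptions:

```python
"""Detection example for the Director privilege-escalation pattern: replay
Director-style audit events in time order, keep a 'trusted' role per user that
only an admin actor may change, and flag (a) any promotion to admin and (b)
admin-only actions by users whose trusted role is not admin. Added
illustration, not Automai code; the JSON event layout and field names are assumed."""
import json
from typing import Dict, List

ADMIN_ACTIONS = {"create_job", "modify_workflow", "upload_script"}

def replay(lines: List[str]) -> List[dict]:
    trusted: Dict[str, str] = {}  # seeded from each user's first observed role; a longer baseline is better
    findings: List[dict] = []
    events = sorted((json.loads(line) for line in lines if line.strip()), key=lambda e: e["ts"])
    for e in events:
        actor = e["user"]
        actor_role = trusted.setdefault(actor, e.get("user_role", "unknown"))
        if e["event_type"] == "role_change":
            target, new = e["target"], e["new_role"]
            prev = trusted.setdefault(target, e.get("previous_role", "unknown"))
            if actor_role == "admin" and actor != target:
                trusted[target] = new          # change made by an admin on another user: accept it
            if new == "admin" and prev != "admin":
                findings.append({"ts": e["ts"], "rule": "promotion_to_admin", "user": target,
                                 "actor": actor, "actor_role": actor_role,
                                 "suspicious": actor_role != "admin" or actor == target})
        elif e["event_type"] == "action" and e["action"] in ADMIN_ACTIONS and actor_role != "admin":
            findings.append({"ts": e["ts"], "rule": "admin_action_by_non_admin", "user": actor,
                             "role": actor_role, "action": e["action"]})
    return findings

# Constructed sample audit trail (JSON lines), not real Director output.
SAMPLE_AUDIT = [
    '{"ts":"2025-06-01T10:00:00Z","event_type":"action","user":"alice","user_role":"admin","action":"create_job"}',
    '{"ts":"2025-06-01T10:05:00Z","event_type":"action","user":"bob","user_role":"operator","action":"upload_script"}',
    '{"ts":"2025-06-01T10:06:00Z","event_type":"role_change","user":"bob","user_role":"operator","target":"bob","previous_role":"operator","new_role":"admin"}',
    '{"ts":"2025-06-01T10:07:00Z","event_type":"action","user":"bob","user_role":"admin","action":"modify_workflow"}',
    '{"ts":"2025-06-01T10:08:00Z","event_type":"role_change","user":"alice","user_role":"admin","target":"dave","previous_role":"operator","new_role":"admin"}',
    '{"ts":"2025-06-01T10:09:00Z","event_type":"action","user":"dave","user_role":"admin","action":"create_job"}',
    '{"ts":"2025-06-01T10:10:00Z","event_type":"action","user":"carol","user_role":"viewer","action":"view_job"}',
]

if __name__ == "__main__":
    for finding in replay(SAMPLE_AUDIT):
        print(finding)
```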

Log Source Requirements

Log Source                    | Purpose
Automai Director Audit Logs   | Role and permission changes
Web Server Logs               | Unauthorized requests
Authentication Logs           | User session tracking
SIEM Correlation              | Privilege abuse detection
EDR                           | Script and execution monitoring

Interim Mitigation (Until Patch)

  • Restrict Director access to trusted users
  • Enforce MFA for all users
  • Minimize number of admin accounts
  • Monitor role changes in real time
  • Disable unnecessary upload features if possible

Official Patch / Upgrade

Apply only the official vendor update when released:
https://www.automai.com/


Overall Risk Assessment

These vulnerabilities represent a severe enterprise risk, especially in environments where Automai orchestrates critical workflows. A successful exploit can rapidly escalate from a single host to full automation platform compromise.


Final Takeaway

  • Treat exposed Automai systems as high-risk
  • Monitor process execution and privilege changes
  • Apply vendor patches immediately upon release
  • Perform threat hunting if Automai 25.2.0 is present

Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.