CVE-2025-8665 | agno-agi agno up to 1.7.5 Model Context Protocol mcp.py MCPTools/MultiMCPTools command os command injection

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection.

The identification of this vulnerability is CVE-2025-8665. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More