Description

The application is vulnerable to prompt injection attacks where crafted input can manipulate the LLM's behavior. This may lead to unauthorized command execution or exposure of sensitive data.

Remediation

Implement robust input validation and output sanitization. Regularly update the LLM security patterns and monitor for anomalous prompt behavior.

References

OWASP Top 10 for LLM Applications 2025

Related Vulnerabilities

IBM ODM JNDI injection (CVE-2024-22319)

XWiki Platform RCE (CVE-2023-37462)

ForgeRock OpenAM Deserialization RCE (CVE-2021-29156)

Severity

High

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L