Security Advisory: Critical RCE Vulnerability Found in Drupal AI Module (CVE-2025-3169)

In a detailed blog post, Drew Webber shares insights into a critical Remote Code Execution (RCE) vulnerability (CVE-2025-3169) in the Drupal AI module, disclosed by the Drupal Security Team in March 2025. The issue centred around unsafe input handling within shell commands, particularly in the AI Automators submodule that leverages ffmpeg for video processing. Webber demonstrates how attackers could inject commands via LLM-generated timestamps or file upload filenames, bypassing input validation and achieving command execution on the server.

The post outlines several exploitation methods, including prompt injection and manipulated filenames that Drupal CMS would accept by default. These could be used to create dangerous shell commands executed without proper sanitisation. Webber further explains how these flaws also enable a separate but related vulnerability (CVE-2025-31693), involving a PHP object injection “gadget chain” that could allow file deletion or even code execution if combined with other insecure code paths.

The article emphasises the importance of proper input sanitisation using tools like escapeshellarg() and praises the prompt and collaborative response from Marcus Johansson, a maintainer of the AI module. Users of the Drupal AI module are strongly advised to upgrade to version 1.0.5 or later to mitigate these risks.