@blamejs/exceptd-skills 0.13.119 → 0.13.121

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.121 — 2026-05-26
+
+CVE catalog — ONNX model-interchange path traversal. Adds **CVE-2025-51480** in ONNX, the de-facto open model-interchange format used across the ML ecosystem. `onnx.external_data_helper.save_external_data` does not confine the model-supplied `external_data` `location`, so processing a crafted ONNX model writes external-data tensors to an arbitrary path (`../` traversal or absolute), overwriting arbitrary files (CWE-22; NVD CVSS v3.1 8.8) — which in a model-load pipeline can escalate to code execution. Requires the victim to process the malicious model (UI:R), so it is modelled as a malicious-model / supply-chain class (ATLAS AML.T0010/AML.T0011, ATT&CK T1195.002). Fixed in 1.18.0. Reuses the AI-runtime-API path-traversal validation control (NEW-CTRL-094). CVE count 411 → 412.
+
+## 0.13.120 — 2026-05-26
+
+CVE catalog — LangChain JS serialization injection. Adds **CVE-2025-68665**, the JavaScript sibling of the already-catalogued Python-side CVE-2025-68664. LangChain JS's `toJSON()` (and `JSON.stringify` of LangChain objects) did not escape free-form data containing the internal `lc` marker key, so attacker-controlled data carrying that structure is rehydrated as a legitimate LangChain object on deserialization instead of staying plain data (CWE-502; GitHub CNA CVSS v3.1 8.6, scope-changed / NVD 9.1). Fixed in `@langchain/core` 0.3.80 / 1.1.8 and `langchain` 0.3.37 / 1.2.3. Reuses the LLM-output deserialization trust-zone control (NEW-CTRL-064) and AI-tool input-sanitization (NEW-CTRL-005). Scored conservatively below the Python sibling, which additionally carries suspected-exploitation and weaponization signals the JS variant lacks. CVE count 410 → 411.
+
 ## 0.13.119 — 2026-05-26
 
 CVE catalog — Chainlit LLM-app framework. Adds two flaws in the `/project/element` update flow of Chainlit, a widely used open-source framework for conversational-AI / LLM apps. **CVE-2026-22218** (VulnCheck CNA CVSS v4.0 7.1; NVD v3.1 6.5) — a custom element with a caller-supplied `path` is copied into the requesting user's session without validation, so an authenticated client reads arbitrary files on the server host (CWE-22 path traversal); fixed in 2.9.4. Reuses the AI-runtime-API path-traversal validation control (NEW-CTRL-094) shared with the AnythingLLM upload traversal. **CVE-2026-22219** (VulnCheck CNA CVSS v4.0 8.3; NVD v3.1 7.7, scope-changed) — with the SQLAlchemy data-layer backend, a custom element's `url` is fetched server-side and the response stored, so an authenticated client reaches internal services or cloud metadata (CWE-918 SSRF); fixed in 2.9.4. Reuses the AI-data-pipeline import SSRF control (NEW-CTRL-105) shared with the Dify, RAGFlow, and Label Studio data-pipeline SSRFs. CVE count 408 → 410.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-27T00:42:03.182Z",
+  "generated_at": "2026-05-27T02:39:24.209Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "13013b5a2f97fdc2569c0baf3511f90606784e9b1e429d58831ad04aa904d1b1",
-    "data/atlas-ttps.json": "8dca8b3a370632548b3d7f465686ac6b47a26920bf6f618db401e349af2a33e2",
-    "data/attack-techniques.json": "415afac98c453bb92367686e5322cff85f112225587ec60d42e460ace7fba9fa",
-    "data/cve-catalog.json": "b380a2d6b7cd170d130e605bd17e3df605a55d0574008f83b9b5e3b786450f97",
-    "data/cwe-catalog.json": "6d6277629cf78f1380b676f868e26c0c5029401bd5c3cc4d3852f3f1f2c715da",
+    "manifest.json": "4795b0961ddf17b28978fa9594db16f6717424d262b720e70fa6a07321072c02",
+    "data/atlas-ttps.json": "26d64a201c0e5461c70b7d0e6827775efb193c7654f465e5f0cf8237e0a37d80",
+    "data/attack-techniques.json": "958c8c8b85fa33464ea4c39fb612cfe69f26280b0c6d10c9e974dc2b423b99ef",
+    "data/cve-catalog.json": "c5bdd2ac0e911dede728ac24a771605fb38acd0f86775b21f34f840f3bbbbf2e",
+    "data/cwe-catalog.json": "13e85572dae38fe0ceda6b9c19190af2c5fd5637360632c7ed1633d117da0f3c",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "4e86d952ca9434af0023cd1f6e39572e754c0b2641da11a0b31696810533d304",
+    "data/framework-control-gaps.json": "a7d49316f7b1ca7f67c3b2cabdd03781f54486a763c46ebf985f77ed823f8332",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "8f5f5e28c18fac450f892ffc34bfec54d7d996ed57e5c3200ae3ffa9cdcb38b5",
+    "data/zeroday-lessons.json": "1c5386d1d7b2f07bdf879f14351b5f30360d1fde31e97bf06245b5162e66b062",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 399,
+    "chains_cve_entries": 401,
     "chains_cwe_entries": 172,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 410
+      "entry_count": 412
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 405
+      "entry_count": 407
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 410,
+      "entry_count": 412,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 405,
+      "entry_count": 407,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",

package/data/_indexes/chains.json

@@ -74182,6 +74182,330 @@
       ]
     }
   },
+  "CVE-2025-68665": {
+    "name": "LangChain JS toJSON() 'lc'-Key Serialization Injection",
+    "rwep": 25,
+    "cvss": 8.6,
+    "cisa_kev": false,
+    "epss_score": 0.00066,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2025-51480": {
+    "name": "ONNX save_external_data Path Traversal Arbitrary File Overwrite",
+    "rwep": 23,
+    "cvss": 8.8,
+    "cisa_kev": false,
+    "epss_score": 0.00366,
+    "referencing_skills": [
+      "ai-attack-surface",
+      "compliance-theater",
+      "rag-pipeline-security",
+      "threat-modeling-methodology",
+      "webapp-security",
+      "api-security",
+      "container-runtime-security"
+    ],
+    "chain": {
+      "cwes": [
+        {
+          "id": "CWE-1039",
+          "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-1188",
+          "name": "Initialization of a Resource with an Insecure Default",
+          "category": "Configuration"
+        },
+        {
+          "id": "CWE-1395",
+          "name": "Dependency on Vulnerable Third-Party Component",
+          "category": "Supply Chain"
+        },
+        {
+          "id": "CWE-1426",
+          "name": "Improper Validation of Generative AI Output",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-200",
+          "name": "Exposure of Sensitive Information to an Unauthorized Actor",
+          "category": "Information Exposure"
+        },
+        {
+          "id": "CWE-22",
+          "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
+          "category": "Path/Resource"
+        },
+        {
+          "id": "CWE-269",
+          "name": "Improper Privilege Management",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-287",
+          "name": "Improper Authentication",
+          "category": "Authentication"
+        },
+        {
+          "id": "CWE-352",
+          "name": "Cross-Site Request Forgery (CSRF)",
+          "category": "Session"
+        },
+        {
+          "id": "CWE-434",
+          "name": "Unrestricted Upload of File with Dangerous Type",
+          "category": "File Handling"
+        },
+        {
+          "id": "CWE-502",
+          "name": "Deserialization of Untrusted Data",
+          "category": "Serialization"
+        },
+        {
+          "id": "CWE-732",
+          "name": "Incorrect Permission Assignment for Critical Resource",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-77",
+          "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-78",
+          "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-787",
+          "name": "Out-of-bounds Write",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-79",
+          "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-862",
+          "name": "Missing Authorization",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-863",
+          "name": "Incorrect Authorization",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-89",
+          "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-918",
+          "name": "Server-Side Request Forgery (SSRF)",
+          "category": "Network"
+        },
+        {
+          "id": "CWE-94",
+          "name": "Improper Control of Generation of Code (Code Injection)",
+          "category": "Injection"
+        }
+      ],
+      "atlas": [
+        {
+          "id": "AML.T0010",
+          "name": "ML Supply Chain Compromise",
+          "tactic": "Initial Access"
+        },
+        {
+          "id": "AML.T0016",
+          "name": "Obtain Capabilities: Develop Capabilities",
+          "tactic": "Resource Development"
+        },
+        {
+          "id": "AML.T0017",
+          "name": "Discover ML Model Ontology",
+          "tactic": "Discovery"
+        },
+        {
+          "id": "AML.T0018",
+          "name": "Backdoor ML Model",
+          "tactic": "Persistence"
+        },
+        {
+          "id": "AML.T0020",
+          "name": "Poison Training Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0043",
+          "name": "Craft Adversarial Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0051",
+          "name": "LLM Prompt Injection",
+          "tactic": "Execution"
+        },
+        {
+          "id": "AML.T0054",
+          "name": "LLM Jailbreak",
+          "tactic": "Defense Evasion"
+        },
+        {
+          "id": "AML.T0096",
+          "name": "AI API as Covert C2 Channel",
+          "tactic": "Command and Control"
+        }
+      ],
+      "d3fend": [
+        {
+          "id": "D3-CSPP",
+          "name": "Client-server Payload Profiling",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-IOPR",
+          "name": "Input/Output Profiling Resource",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-NTA",
+          "name": "Network Traffic Analysis",
+          "tactic": "Detect"
+        }
+      ],
+      "framework_gaps": [
+        {
+          "id": "ALL-AI-PIPELINE-INTEGRITY",
+          "framework": "ALL",
+          "control_name": "AI Pipeline Integrity"
+        },
+        {
+          "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
+          "framework": "ALL",
+          "control_name": "Prompt Injection as Access Control Failure"
+        },
+        {
+          "id": "CMMC-2.0-Level-2",
+          "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
+          "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
+        },
+        {
+          "id": "FedRAMP-Rev5-Moderate",
+          "framework": "FedRAMP Rev 5 Moderate",
+          "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.28",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Secure coding"
+        },
+        {
+          "id": "ISO-IEC-23894-2023-clause-7",
+          "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
+          "control_name": "AI risk management process"
+        },
+        {
+          "id": "ISO-IEC-42001-2023-clause-6.1.2",
+          "framework": "ISO/IEC 42001:2023 (AI Management System)",
+          "control_name": "AI risk assessment"
+        },
+        {
+          "id": "NIST-800-218-SSDF",
+          "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
+          "control_name": "Secure Software Development Framework"
+        },
+        {
+          "id": "NIST-800-53-AC-2",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Account Management"
+        },
+        {
+          "id": "NIST-800-53-CM-7",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Least Functionality"
+        },
+        {
+          "id": "NIST-800-53-SI-12",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Information Management and Retention"
+        },
+        {
+          "id": "NIST-800-53-SI-3",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Malicious Code Protection"
+        },
+        {
+          "id": "NIST-AI-RMF-MEASURE-2.5",
+          "framework": "NIST AI RMF 1.0",
+          "control_name": "AI system to human interaction evaluation"
+        },
+        {
+          "id": "OWASP-ASVS-v5.0-V14",
+          "framework": "OWASP ASVS v5.0",
+          "control_name": "Configuration verification"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM01",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Prompt Injection"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM02",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Sensitive Information Disclosure"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM08",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Vector and Embedding Weaknesses"
+        },
+        {
+          "id": "SLSA-v1.0-Build-L3",
+          "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
+          "control_name": "Hardened build platform with non-falsifiable provenance"
+        },
+        {
+          "id": "SOC2-CC6-logical-access",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "Logical and Physical Access Controls"
+        }
+      ],
+      "attack_refs": [
+        "T1059",
+        "T1068",
+        "T1078",
+        "T1190",
+        "T1505",
+        "T1565",
+        "T1566",
+        "T1567",
+        "T1610",
+        "T1611"
+      ],
+      "rfc_refs": [
+        "RFC-6749",
+        "RFC-7519",
+        "RFC-8032",
+        "RFC-8446",
+        "RFC-8725",
+        "RFC-9114",
+        "RFC-9421",
+        "RFC-9700"
+      ]
+    }
+  },
   "CWE-20": {
     "name": "Improper Input Validation",
     "category": "Validation",
@@ -74507,6 +74831,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -74747,6 +75072,7 @@
       "CVE-2025-3248",
       "CVE-2025-3466",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-6965",
       "CVE-2026-22218",
@@ -74946,6 +75272,7 @@
       "CVE-2025-38352",
       "CVE-2025-43300",
       "CVE-2025-49596",
+      "CVE-2025-51480",
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
@@ -75162,6 +75489,7 @@
       "CVE-2025-38352",
       "CVE-2025-43300",
       "CVE-2025-49596",
+      "CVE-2025-51480",
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
@@ -75392,6 +75720,7 @@
       "CVE-2025-38352",
       "CVE-2025-43300",
       "CVE-2025-49596",
+      "CVE-2025-51480",
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
@@ -75734,6 +76063,7 @@
       "CVE-2025-3466",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-56520",
@@ -76508,6 +76838,7 @@
       "CVE-2025-3248",
       "CVE-2025-3466",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53767",
       "CVE-2025-53773",
       "CVE-2025-56520",
@@ -76923,6 +77254,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -77578,6 +77910,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -78589,6 +78922,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -79841,6 +80175,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -80295,6 +80630,7 @@
       "CVE-2025-27520",
       "CVE-2025-3248",
       "CVE-2025-3466",
+      "CVE-2025-51480",
       "CVE-2025-6965",
       "CVE-2026-22218",
       "CVE-2026-30615",
@@ -81276,6 +81612,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -81749,6 +82086,7 @@
       "CVE-2025-49706",
       "CVE-2025-49844",
       "CVE-2025-5086",
+      "CVE-2025-51480",
       "CVE-2025-52691",
       "CVE-2025-53521",
       "CVE-2025-53690",
@@ -82590,6 +82928,7 @@
       "CVE-2025-3248",
       "CVE-2025-3466",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-6965",
       "CVE-2026-22218",
@@ -82889,6 +83228,7 @@
       "CVE-2025-27520",
       "CVE-2025-3248",
       "CVE-2025-3466",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-6965",
       "CVE-2026-22218",
@@ -83259,6 +83599,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -83622,6 +83963,7 @@
       "CVE-2025-34291",
       "CVE-2025-3466",
       "CVE-2025-49596",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-56520",
@@ -83834,6 +84176,7 @@
       "CVE-2025-3248",
       "CVE-2025-3466",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-6965",
       "CVE-2026-22218",
@@ -84602,6 +84945,7 @@
       "CVE-2025-43300",
       "CVE-2025-49596",
       "CVE-2025-49844",
+      "CVE-2025-51480",
       "CVE-2025-53773",
       "CVE-2025-54136",
       "CVE-2025-60455",
@@ -84955,6 +85299,7 @@
       "CVE-2025-34291",
       "CVE-2025-3466",
       "CVE-2025-49596",
+      "CVE-2025-51480",
       "CVE-2025-53767",
       "CVE-2025-53773",
       "CVE-2025-54136",

package/data/atlas-ttps.json

@@ -168,7 +168,8 @@
       "MAL-2026-NODE-IPC-STEALER",
       "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER",
       "MAL-2026-SHAI-HULUD-OSS",
-      "MAL-2026-TANSTACK-MINI"
+      "MAL-2026-TANSTACK-MINI",
+      "CVE-2025-51480"
     ],
     "description_full": "Adversaries may gain initial access to a system by compromising the unique portions of the AI supply chain. This could include [Hardware](/techniques/AML.T0010.000), [Data](/techniques/AML.T0010.002) and its annotations, parts of the AI [AI Software](/techniques/AML.T0010.001) stack, or the [Model](/techniques/AML.T0010.003) itself. In some instances the attacker will need secondary access to fully carry out an attack using compromised components of the supply chain.",
     "platforms": [
@@ -1298,7 +1299,8 @@
       "CVE-2025-33236",
       "CVE-2025-8747",
       "CVE-2026-31229",
-      "MAL-2024-PYPI-ULTRALYTICS-XMRIG"
+      "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
+      "CVE-2025-51480"
     ],
     "description_full": "An adversary may rely upon specific actions by a user in order to gain execution. Users may inadvertently execute unsafe code introduced via [AI Supply Chain Compromise](/techniques/AML.T0010). Users may be subjected to social engineering to get them to execute malicious code by, for example, opening a malicious document file or link.",
     "platforms": [
@@ -2885,7 +2887,8 @@
       "CVE-2025-33236",
       "CVE-2025-8747",
       "CVE-2026-31229",
-      "CVE-2026-45829"
+      "CVE-2026-45829",
+      "CVE-2025-51480"
     ]
   },
   "AML.T0011.001": {

package/data/attack-techniques.json

@@ -341,7 +341,9 @@
       "CVE-2026-39987",
       "CVE-2026-40933",
       "CVE-2026-45829",
-      "CVE-2026-6973"
+      "CVE-2026-6973",
+      "CVE-2025-68665",
+      "CVE-2025-51480"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
     "platforms": [
@@ -1192,7 +1194,8 @@
       "MAL-2026-3083",
       "MAL-2026-NODE-IPC-STEALER",
       "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER",
-      "MAL-2026-SHAI-HULUD-OSS"
+      "MAL-2026-SHAI-HULUD-OSS",
+      "CVE-2025-51480"
     ],
     "description_full": "Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version. Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)",
     "platforms": [
@@ -1586,7 +1589,8 @@
       "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER",
       "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER",
       "CVE-2024-12450",
-      "CVE-2026-22219"
+      "CVE-2026-22219",
+      "CVE-2025-68665"
     ],
     "description_full": "Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. [Shell History](https://attack.mitre.org/techniques/T1552/003)), operating system or application-specific repositories (e.g. [Credentials in Registry](https://attack.mitre.org/techniques/T1552/002)), or other specialized files/artifacts (e.g. [Private Keys](https://attack.mitre.org/techniques/T1552/004)).(Citation: Brining MimiKatz to Unix)",
     "platforms": [
@@ -4406,7 +4410,8 @@
       "CVE-2025-32434",
       "CVE-2025-33236",
       "CVE-2025-8747",
-      "CVE-2026-31229"
+      "CVE-2026-31229",
+      "CVE-2025-51480"
     ]
   },
   "T1205": {