CVE-2025-62155

New · New Multiple Products

Executive summary

A high-severity vulnerability has been discovered in multiple New products, specifically affecting the New API LLM gateway and AI asset management system. This flaw, with a CVSS score of 8.5, could allow an unauthenticated attacker to remotely execute arbitrary code, potentially leading to a complete system compromise, theft of sensitive data, and exfiltration of proprietary AI models. Organizations are urged to apply the vendor-provided security updates immediately to mitigate the significant risk of a security breach.

Vulnerability

This vulnerability is a critical remote code execution (RCE) flaw within the New API gateway's request processing component. An unauthenticated remote attacker can exploit this by sending a specially crafted API request to a vulnerable endpoint. Due to improper input validation, this malicious request can bypass security checks and allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the gateway service account.

Business impact

This vulnerability presents a significant threat to the organization, categorized as High severity with a CVSS score of 8.5. Successful exploitation could result in a complete compromise of the AI infrastructure, leading to severe consequences such as the theft of sensitive business data being processed by the LLMs, exfiltration of valuable proprietary AI models, and disruption of critical AI-powered services. An attacker could also use the compromised gateway as a foothold to pivot and launch further attacks against the internal network, escalating the scope and impact of the breach.

Remediation

Immediate Action: The primary and most effective remediation is to apply the security updates provided by the vendor across all affected systems immediately. Prioritize patching for internet-facing systems. After patching, it is crucial to review access logs and system logs for any signs of compromise or exploitation attempts that may have occurred before the patch was applied.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes scrutinizing API gateway logs for malformed or unusual requests, monitoring for unexpected outbound network connections from gateway servers, and using endpoint detection and response (EDR) tools to identify anomalous process execution or file modifications on the host systems.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk:

  • Restrict network access to the API gateway, allowing connections only from trusted and explicitly authorized IP addresses.
  • Deploy a Web Application Firewall (WAF) with rules specifically designed to inspect and block the malicious request patterns associated with this vulnerability.
  • Enhance logging and alerting for the affected systems to enable faster detection of potential exploitation attempts.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 8.5) of this remote code execution vulnerability, immediate action is required. Although this CVE is not currently listed in the CISA KEV catalog, its critical impact makes it a prime candidate for future inclusion. We strongly recommend that organizations prioritize the immediate deployment of vendor-supplied patches to all affected systems, starting with those exposed to the internet. Concurrently, security teams must increase monitoring for any signs of compromise, as the window between disclosure and active exploitation is often short for vulnerabilities of this nature.