CVE-2026-0760

Foundation · Foundation Agents MetaGPT Multiple Products

A critical remote code execution vulnerability has been identified in multiple Foundation Agents MetaGPT products.

Executive summary

This flaw allows an unauthenticated remote attacker to take complete control of an affected system by sending a specially crafted message. It poses a significant risk of data theft, service disruption, and further compromise of the surrounding network.

Vulnerability

The vulnerability lies in the deserialize_message function, which reconstructs objects from serialized message data. The function does not validate user-supplied data before deserializing it. A remote, unauthenticated attacker can construct a malicious object, serialize it, and send it to the affected application; when deserialize_message processes this untrusted input, the object reconstruction step can execute arbitrary code with the privileges of the service account running the application.
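The following is an added illustration of the flaw class this advisory describes, not MetaGPT's own code: a deserializer that hands untrusted bytes to a native object-reconstruction format (pickle is assumed here for illustration; the advisory does not name the format) next to a hardened loader that accepts only a strict, allow-listed JSON envelope. The message fields (role, content, sent_from) and the size and role limits are assumptions chosen for the example.

```python
"""Unsafe object deserialization vs. a strict allow-list message loader.

Added example, not code from the affected project. The field names, the
pickle assumption and the limits below are illustrative assumptions.
"""
import json
import pickle
from dataclasses import dataclass

# Unsafe pattern: pickle reconstructs whatever object graph the sender chose,
# and that reconstruction can run sender-controlled code during loading.
def deserialize_message_unsafe(data: bytes):
    return pickle.loads(data)  # must never be called on untrusted input


@dataclass(frozen=True)
class Message:
    role: str
    content: str
    sent_from: str


MAX_LEN = 64 * 1024                              # assumed size cap
ALLOWED_ROLES = {"user", "assistant", "system"}  # assumed role allow-list
FIELDS = ("role", "content", "sent_from")        # assumed envelope schema


class MessageError(ValueError):
    """Raised for any input the hardened loader refuses."""


def looks_like_pickle(data: bytes) -> bool:
    # Pickle protocol 2 and later streams begin with the PROTO opcode 0x80;
    # a JSON document never does, so this is a cheap fast-fail for logging.
    return data.startswith(b"\x80")


def deserialize_message(data: bytes) -> Message:
    """Hardened loader: JSON only, known fields only, typed and bounded."""
    if len(data) > MAX_LEN:
        raise MessageError("message too large")
    if looks_like_pickle(data):
        raise MessageError("rejected: pickle stream")
    try:
        obj = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise MessageError(f"malformed message: {exc}") from None
    if not isinstance(obj, dict):
        raise MessageError("message must be a JSON object")
    unknown = set(obj) - set(FIELDS)
    if unknown:
        raise MessageError(f"unexpected fields: {sorted(unknown)}")
    for field in FIELDS:
        if not isinstance(obj.get(field), str):
            raise MessageError(f"field {field!r} must be a string")
    if obj["role"] not in ALLOWED_ROLES:
        raise MessageError("role not allowed")
    # Build a plain dataclass; no sender-chosen class is ever instantiated.
    return Message(obj["role"], obj["content"], obj["sent_from"])


def serialize_message(msg: Message) -> bytes:
    return json.dumps({f: getattr(msg, f) for f in FIELDS}).encode("utf-8")


def try_deserialize(data: bytes) -> str:
    """Return 'ok' when accepted, otherwise the rejection reason (for logs/tests)."""
    try:
        deserialize_message(data)
        return "ok"
    except MessageError as exc:
        return str(exc)


# Constructed samples: a harmless pickle of a plain dict (no payload) and a
# JSON envelope carrying an extra, unexpected field.
SAMPLE_PICKLE = pickle.dumps({"role": "user"})
SAMPLE_EXTRA_FIELD = b'{"role":"user","content":"hi","sent_from":"alice","__class__":"x"}'

if __name__ == "__main__":
    good = serialize_message(Message("user", "hello", "alice"))
    print("good JSON  ->", try_deserialize(good))
    print("pickle     ->", try_deserialize(SAMPLE_PICKLE))
    print("extra field->", try_deserialize(SAMPLE_EXTRA_FIELD))
    print("oversized  ->", try_deserialize(b"x" * (MAX_LEN + 1)))
    # The unsafe loader happily reconstructs the pickle; with a hostile
    # stream this is the point at which code would run.
    print("unsafe     ->", deserialize_message_unsafe(SAMPLE_PICKLE))
```

The hardened loader's checks are ordered cheapest first (length, format sniff, parse, schema, values) so that a flood of bad messages fails fast, and every rejection reason is a stable string that can be logged and alerted on, which ties in with the monitoring guidance later in this advisory.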

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected server, allowing an attacker to steal sensitive data, deploy ransomware, disrupt business operations, or use the compromised system as a pivot point to attack other internal network resources. Since no authentication is required, the vulnerability is easily exploitable over the network, placing any internet-facing installations at extreme risk of a security breach.

Remediation

Immediate Action: Apply the vendor's security patches immediately. Update all affected installations of Foundation Agents MetaGPT Multiple Products to the latest version to mitigate this vulnerability. After updating, review system and access logs for any signs of compromise or suspicious activity that preceded the patch.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Look for unusual network traffic patterns or outbound connections originating from the application server. Monitor application logs for errors or warnings related to the deserialize_message function. Use Intrusion Detection/Prevention Systems (IDS/IPS) and Endpoint Detection and Response (EDR) solutions to detect anomalous process execution or file modifications on the server.

Compensating Controls: If patching cannot be immediately deployed, implement the following compensating controls:

  • Restrict network access to the affected service to only trusted IP addresses and subnets using a firewall.
  • If applicable, deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious serialized payloads.
  • Ensure the application is running with the lowest possible user privileges to limit the impact of a potential compromise.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8 and the lack of an authentication requirement, this vulnerability must be treated as a top priority. All organizations using the affected Foundation Agents MetaGPT products are strongly advised to apply the vendor-supplied patches immediately. Due to the high likelihood of future exploitation, asset owners should assume that unpatched, internet-exposed systems will be targeted. While this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion, reinforcing the need for urgent action.