CVE-2026-25253

HIGH

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

CVSS v3.1 Score

8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 2/1/2026Modified: 2/13/2026

Related Intelligence (1)

LOWSupply Chain

6 ways attackers abuse AI services to hack your business

Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as living off the AI land. “We’re seeing it in things like poisoned MCP servers in the supply chain, attackers using legit

CVE-2025-32711CVE-2026-25253
CSO Online

References (6)

https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keysExploitThird Party Advisoryhttps://ethiack.com/news/blog/one-click-rce-moltbotExploitThird Party Advisoryhttps://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mqVendor Advisoryhttps://openclaw.ai/blogProducthttps://x.com/0xacb/status/2016913750557651228Exploithttps://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keysExploitThird Party Advisory