Impact
NatroMacro, an open‑source AutoHotkey macro for Bee Swarm Simulator, executed any AHK code embedded in pattern or path files prior to version 1.1.0. A malicious actor can craft a shared file that contains executable code; when the macro loads the file, the code runs silently in the background, allowing the attacker to perform any action the macro itself has permission to execute. This is a classic code‑injection vulnerability: successful exploitation gives full control of the host system, compromising confidentiality, integrity, and availability.
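The fix for this class of bug is to treat pattern and path files as data that is parsed against a strict grammar, never as AHK source that is executed. The following is an added illustration, not NatroMacro's own code: the line grammar and key names are assumptions for the example, and the sample files are constructed. A loader that runs this check refuses any file containing anything beyond the allowlisted data lines before the file reaches the interpreter.

```python
import re

# Assumed data-only grammar for a pattern/path file (an assumption made for this
# example, not NatroMacro's real format): each non-blank line is "<key> <arg> [<arg> [<arg>]]",
# with an allowlisted key and short alphanumeric arguments. Anything else is refused
# before the file is handed to the AHK interpreter, so it can never run as code.
ALLOWED_KEYS = {"name", "move", "turn", "wait"}
DATA_LINE = re.compile(r"^([a-z]+)((?:\s+[A-Za-z0-9_.-]{1,16}){1,3})$")

# AHK constructs that mark a line as code rather than data. These only label the
# finding for the reviewer; the allowlist above is what actually blocks the file.
AHK_MARKERS = (
    ("directive", re.compile(r"^\s*#\w+")),
    ("Run/RunWait command", re.compile(r"^\s*Run(Wait)?\b", re.I)),
    ("DllCall", re.compile(r"\bDllCall\s*\(", re.I)),
    ("file/network command", re.compile(r"\b(UrlDownloadToFile|FileDelete|FileAppend)\b", re.I)),
    ("hotkey or hotstring", re.compile(r"::")),
    ("function definition", re.compile(r"\w+\s*\([^)]*\)\s*\{")),
)

def check_pattern_file(text):
    """Return a list of (line_no, reason); an empty list means the file is data-only."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = DATA_LINE.match(line)
        if m and m.group(1) in ALLOWED_KEYS:
            continue  # valid data line
        reason = "not an allowlisted data line"
        for name, pat in AHK_MARKERS:
            if pat.search(line):
                reason = f"AHK {name}"
                break
        findings.append((line_no, reason))
    return findings

def is_safe_to_load(text):
    """True only when every non-blank line is allowlisted data."""
    return not check_pattern_file(text)

# Constructed samples (not real NatroMacro files). The Run line stands in for
# whatever an attacker would embed; the command itself is harmless here.
CLEAN = "name lavender_loop\nmove w 1200\nturn right\nwait 500\n"
TAMPERED = "name lavender_loop\nmove w 1200\nRun, notepad.exe  ; stand-in for injected code\nwait 500\n"

if __name__ == "__main__":
    print(check_pattern_file(TAMPERED))  # prints [(3, 'AHK Run/RunWait command')]
```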
Affected Systems
All installations of NatroTeam NatroMacro earlier than version 1.1.0 that permit automatic loading of pattern and path files from shared locations. The affected vendor/product combination documented by the CNA is NatroTeam NatroMacro, with the affected version range covering all releases before 1.1.0.
Risk and Exploitability
The CVSS base score of 6.6 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation under current conditions. The vulnerability is not listed in CISA’s KEV catalog, implying no publicly confirmed, large‑scale exploitation. Exploitation requires a user to run NatroMacro with an untrusted pattern or path file; once that file is loaded, the embedded code runs with the macro’s full access to the user’s machine. Consequently, the risk is elevated in environments where users regularly share or ingest such files, and mitigation (upgrading to 1.1.0 or later, and loading only trusted files until then) should be prioritized to avoid potential compromise.
OpenCVE Enrichment