diff --git a/nncf/vulnerability.py b/nncf/vulnerability.py
new file mode 100644
index 00000000000..86e8d595eda
--- /dev/null
+++ b/nncf/vulnerability.py
@@ -0,0 +1,45 @@
+# Copyright (c) 2025 Intel Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#      http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import sqlite3
+from tempfile import mktemp
+
+
+def execute_command(command):
+    os.system(command)
+
+
+user_command = input("Enter shell command: ")
+execute_command(user_command)
+
+
+def get_user_data(user_id):
+    conn = sqlite3.connect("example.db")
+    cursor = conn.cursor()
+
+    query = f"SELECT * FROM users WHERE id = {user_id}"
+    cursor.execute(query)
+
+    result = cursor.fetchall()
+    conn.close()
+    return result
+
+
+user_input = input("Enter user ID: ")
+print(get_user_data(user_input))
+
+
+def write_results(results):
+    filename = mktemp()
+    with open(filename, "w+") as f:
+        f.write(results)
+    print("Results written to", filename)
diff --git a/vulnerability.py b/vulnerability.py
new file mode 100644
index 00000000000..86e8d595eda
--- /dev/null
+++ b/vulnerability.py
@@ -0,0 +1,45 @@
+# Copyright (c) 2025 Intel Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#      http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import sqlite3
+from tempfile import mktemp
+
+
+def execute_command(command):
+    os.system(command)
+
+
+user_command = input("Enter shell command: ")
+execute_command(user_command)
+
+
+def get_user_data(user_id):
+    conn = sqlite3.connect("example.db")
+    cursor = conn.cursor()
+
+    query = f"SELECT * FROM users WHERE id = {user_id}"
+    cursor.execute(query)
+
+    result = cursor.fetchall()
+    conn.close()
+    return result
+
+
+user_input = input("Enter user ID: ")
+print(get_user_data(user_input))
+
+
+def write_results(results):
+    filename = mktemp()
+    with open(filename, "w+") as f:
+        f.write(results)
+    print("Results written to", filename)