A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHuggingface Smolagents
APPHuggingface1.25.0
Related vulnerabilities
Sandbox escape i RCE w Huggingface Smolagents (local_python_executor)
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f fun...
W huggingface smolagents 1.24.0 zidentyfikowano słabość w funkcji requests.get/requests.post komponentu LocalP...
RCE w Huggingface Transformers — obejście trust_remote_code w LightGlue
Niebezpieczna deserializacja w LeRobot — RCE przez gRPC bez uwierzytelnienia