CVE-2025-5120

Public Exploit

Sandbox Escape Vulnerability in huggingface/smolagents

Description

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code execution despite employing static and dynamic checks. Attackers can exploit whitelisted modules and functions to execute arbitrary code, compromising the host system. This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. The issue is resolved in version 1.17.0.

References

Link	Tags
https://huntr.com/bounties/63ab1cfe-b573-4cf5-a7d3-fb6c957e34b0	exploit third party advisory
https://github.com/huggingface/smolagents/commit/33a942e62b6fbf6a35d41f1c735bda2d64c163d0	patch

Frequently Asked Questions

What is the severity of CVE-2025-5120?: CVE-2025-5120 has been scored as a critical severity vulnerability.
How to fix CVE-2025-5120?: To fix CVE-2025-5120, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-5120 being actively exploited in the wild?: It is possible that CVE-2025-5120 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-5120?: CVE-2025-5120 affects huggingface huggingface/smolagents.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions