CVE-2025-5120
BaseFortify

Publication date: 2025-07-27

Last updated on: 2025-08-07

Assigner: huntr.dev

Description
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code execution despite employing static and dynamic checks. Attackers can exploit whitelisted modules and functions to execute arbitrary code, compromising the host system. This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. The issue is resolved in version 1.17.0.
Meta Information
Published: 2025-07-27
Last Modified: 2025-08-07
Generated: 2026-05-07
AI Q&A: 2025-07-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: huggingface
Product: smolagents
Version / Range: 1.14.0
CWE ID: CWE-94
Description: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a sandbox escape in huggingface/smolagents version 1.14.0. It allows attackers to bypass the restricted execution environment in the local_python_executor.py module and execute arbitrary Python code remotely. The issue arises because the module inadequately restricts code execution despite static and dynamic checks, enabling attackers to exploit whitelisted modules and functions to run unauthorized code. This compromises the host system by breaking the security boundary meant to isolate untrusted code.


How can this vulnerability impact me?

The vulnerability can lead to unauthorized remote code execution on the host system, allowing attackers to run arbitrary code. This can result in data leakage, unauthorized access, and potential compromise of integrations or other system components, severely impacting system security and integrity.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves verifying the version of huggingface/smolagents installed and testing for unauthorized code execution attempts via the local_python_executor.py module. You can check the installed version with a command like `pip show smolagents` or inspect the package version in your environment. Additionally, attempts to exploit the vulnerability might involve executing Python code that tries to access unauthorized modules or functions indirectly. While no specific detection commands are provided, monitoring for unexpected Python code execution or sandbox escape attempts in logs or runtime behavior is advisable. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade huggingface/smolagents to version 1.17.0 or later, where the vulnerability is fixed. This update includes enhanced runtime checks that prevent unauthorized access to submodules and dangerous functions, effectively blocking sandbox escape attempts. Until the upgrade is applied, restrict usage of the vulnerable local_python_executor.py module and monitor for suspicious activity involving indirect attribute access or execution of unauthorized code. [1]
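
A version audit that fits the detection and mitigation answers above, as an added example rather than code from this page or from the smolagents project: it walks one or more directory trees for installed smolagents distributions and flags every release below 1.17.0. It assumes wheel-style `.dist-info` installs; the function names and the example paths are illustrative.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 17, 0)  # first fixed smolagents release according to the advisory text
_PRE = re.compile(r"[.\-_]?(?:a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.I)


def is_fixed(version: str) -> bool:
    """True if `version` is 1.17.0 final or later; unparseable input counts as not fixed."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        return False
    rel = tuple(int(p) for p in m.group(1).split("."))
    rel += (0,) * (3 - len(rel))  # "1.17" compares like "1.17.0"
    is_pre = bool(_PRE.match(version, m.end()))  # e.g. 1.17.0rc1, 1.17.0.dev0
    return rel > FIXED or (rel == FIXED and not is_pre)


def find_installs(root):
    """Return sorted (dist_info_dir, version, fixed) for each smolagents install under root."""
    found = []
    for meta in Path(root).rglob("METADATA"):
        name = meta.parent.name.lower()
        if not (name.startswith("smolagents-") and name.endswith(".dist-info")):
            continue
        version = ""
        for line in meta.read_text(encoding="utf-8", errors="replace").splitlines():
            if not line.strip():
                break  # a blank line ends the metadata headers
            if line.lower().startswith("version:"):
                version = line.split(":", 1)[1].strip()
                break
        found.append((str(meta.parent), version, is_fixed(version)))
    return sorted(found)


if __name__ == "__main__":
    # Usage: python audit_smolagents.py /opt/venvs /srv/apps   (example paths)
    rows = [r for root in sys.argv[1:] or [sys.prefix] for r in find_installs(root)]
    for path, version, fixed in rows:
        print(f"{'ok' if fixed else 'UPGRADE'}  smolagents {version or '?'}  {path}")
    sys.exit(1 if any(not fixed for _, _, fixed in rows) else 0)
```

Every release below 1.17.0 is reported as needing an upgrade, in line with the mitigation advice, even though the page lists only 1.14.0 as affected. The non-zero exit status lets the script gate a CI job or an inventory run.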

