Vulnerabilities

CVE-2025-9959

by Fred · 03/09/2025

Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.

More information : https://github.com/huggingface/smolagents/pull/1551

Similar

Tags: Cybersecurity Alert