Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.
History

Thu, 04 Sep 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Huggingface
Huggingface smolagents
Vendors & Products Huggingface
Huggingface smolagents

Wed, 03 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 17:00:00 +0000

Type Values Removed Values Added
Description Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.
Title Sandbox escape in smolagents Local Python execution environment via dunder attributes
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: JFROG

Published:

Updated: 2025-09-03T18:48:11.974Z

Reserved: 2025-09-03T16:09:37.985Z

Link: CVE-2025-9959

cve-icon Vulnrichment

Updated: 2025-09-03T18:48:09.494Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-03T17:15:35.737

Modified: 2025-09-04T15:35:29.497

Link: CVE-2025-9959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-04T13:12:21Z