Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.
Metrics
Affected Vendors & Products
References
History
Thu, 04 Sep 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Huggingface
Huggingface smolagents |
|
Vendors & Products |
Huggingface
Huggingface smolagents |
Wed, 03 Sep 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 03 Sep 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code. | |
Title | Sandbox escape in smolagents Local Python execution environment via dunder attributes | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: JFROG
Published:
Updated: 2025-09-03T18:48:11.974Z
Reserved: 2025-09-03T16:09:37.985Z
Link: CVE-2025-9959

Updated: 2025-09-03T18:48:09.494Z

Status : Awaiting Analysis
Published: 2025-09-03T17:15:35.737
Modified: 2025-09-04T15:35:29.497
Link: CVE-2025-9959

No data.

Updated: 2025-09-04T13:12:21Z