Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Huggingface
Huggingface smolagents
Vendors & Products Huggingface
Huggingface smolagents

Wed, 03 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 17:00:00 +0000

Type Values Removed Values Added
Description Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.
Title Sandbox escape in smolagents Local Python execution environment via dunder attributes
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: JFROG

Published:

Updated: 2025-09-03T18:48:11.974Z

Reserved: 2025-09-03T16:09:37.985Z

Link: CVE-2025-9959

cve-icon Vulnrichment

Updated: 2025-09-03T18:48:09.494Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-03T17:15:35.737

Modified: 2025-09-04T15:35:29.497

Link: CVE-2025-9959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-04T13:12:21Z