CNNVD-202507-3410 Information

CNNVD ID

CNNVD-202507-3410

CVE-2025-5120

  • CNNVD Published: 2025-07-27

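Description (translated from Chinese)

smolagents is an open-source basic library for agents from Hugging Face. smolagents version 1.14.0 has a code injection vulnerability; it stems from insufficient restrictions in the local_python_executor.py module and may lead to remote code execution.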

Description (English)

smolagents is a basic agent library from Hugging Face. Version 1.14.0 of smolagents contains a code injection vulnerability, which stems from insufficient restrictions in the local_python_executor.py module and may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

Hugging Face

Published

2025-07-27

Last Modified

2026-02-24

References

  • https://huntr.com/bounties/63ab1cfe-b573-4cf5-a7d3-fb6c957e34b0
  • https://github.com/huggingface/smolagents/commit/33a942e62b6fbf6a35d41f1c735bda2d64c163d0
  • https://access.redhat.com/security/cve/cve-2025-5120

Patch

https://github.com/huggingface/smolagents/releases
