CNNVD-202511-172 Information

CNNVD ID

CNNVD-202511-172

Related CVE

CVE-2025-12695

• CNNVD Published: 2025-11-04

Description (Chinese)

dspy是Stanford NLP开源的一个的用于编程的人工智能框架。 dspy存在安全漏洞，该漏洞源于沙箱配置过于宽松，可能导致攻击者窃取敏感文件。

Description (English)

dspy is a programming AI framework for Stanford NLP open source. Dspy has a security loophole, which stems from too loose a sandbox configuration, which could lead to attackers stealing sensitive documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Stanford NLP

Published

2025-11-04

Last Modified

2026-02-24

References

https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-read-jfsa-2025-001495652/ https://access.redhat.com/security/cve/cve-2025-12695