Platform
python
Component
smolagents
Fixed in
1.17.0
1.17.0
CVE-2025-5120 is a critical remote code execution (RCE) vulnerability discovered in huggingface/smolagents versions up to 1.9.2. This flaw allows attackers to bypass the intended sandbox environment and execute arbitrary code on the host system. The vulnerability resides within the localpythonexecutor.py module, where inadequate restrictions on Python code execution permit exploitation of whitelisted modules and functions. A patch is available in version 1.17.0.
The impact of CVE-2025-5120 is severe. Successful exploitation allows an attacker to execute arbitrary code within the context of the smolagents process, effectively gaining control of the host system. This could lead to data theft, system compromise, and potential lateral movement within the network. The vulnerability's ability to bypass the intended sandbox significantly expands the attack surface, as it circumvents security measures designed to isolate untrusted code. The lack of robust restrictions on whitelisted modules means attackers can leverage seemingly benign functions to achieve malicious goals. This is particularly concerning in environments where smolagents is used to process untrusted input or interact with sensitive data.
CVE-2025-5120 was publicly disclosed on 2025-07-27. The vulnerability's severity and ease of exploitation suggest a medium probability of exploitation (EPSS score pending). Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. Monitor security advisories and threat intelligence feeds for updates on exploitation attempts and potential attack campaigns.
Exploit Status
EPSS
0.30% (53% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-5120 is to upgrade to version 1.17.0 or later of huggingface/smolagents. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the localpythonexecutor.py module and carefully review the whitelisted modules and functions to ensure they are not exploitable. Implement strict input validation and sanitization to prevent malicious code from being injected into the execution environment. Monitor system logs for suspicious activity related to Python processes and smolagents execution. After upgrading, confirm the fix by attempting to execute code through the localpythonexecutor.py module and verifying that the sandbox restrictions are properly enforced.
Update the huggingface/smolagents library to version 1.17.0 or higher. This will resolve the sandbox escape vulnerability. You can update using `pip install huggingface/smolagents==1.17.0` or an equivalent command from your package manager.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-5120 is a critical remote code execution vulnerability in huggingface/smolagents versions up to 1.9.2. It allows attackers to bypass the sandbox and execute arbitrary code on the host system.
You are affected if you are using huggingface/smolagents versions 1.14.0 through 1.9.2. Upgrade to version 1.17.0 or later to mitigate the risk.
The recommended fix is to upgrade to version 1.17.0 or later of huggingface/smolagents. If upgrading is not possible, implement temporary workarounds such as restricting access to the vulnerable module.
While active exploitation has not been confirmed, the vulnerability's severity and ease of exploitation suggest a medium probability of exploitation. Monitor security advisories for updates.
Refer to the official huggingface security advisory for detailed information and updates regarding CVE-2025-5120: [https://huggingface.co/security/CVE-2025-5120](https://huggingface.co/security/CVE-2025-5120)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.