CVE-2025-9959

Vulnerability Description

Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.

Vulnerability Details

Published Date

September 03, 2025

Last Modified

September 04, 2025

Source

NVD

CVE-2025-9959

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment