Command Injection Vulnerability in Langroid Framework by Langroid
CVE-2025-46725
What is CVE-2025-46725?
The Langroid framework, used to build applications powered by large language models, had a serious command injection vulnerability prior to version 0.53.15. In affected versions, the LanceDocChatAgent component improperly used the pandas eval() function within compute_from_docs(), potentially allowing an attacker to execute arbitrary commands on the host system. Version 0.53.15 mitigates this risk by sanitizing input to this function by default and by including clear warnings about the associated risks in its documentation.
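To show the kind of input sanitization the fix refers to, here is an allow-list check for expression strings before they reach pandas eval(). It is an added example, not Langroid's own sanitizer; the dataframe name `df`, the permitted method list and the sample expressions are assumptions.

```python
import ast

# Assumptions for this example (not Langroid's real allow-list).
ALLOWED_NAMES = {"df"}  # the only variable an expression may reference
ALLOWED_METHODS = {"groupby", "sum", "mean", "count", "max", "min", "head"}
ALLOWED_NODES = (
    ast.Expression, ast.Call, ast.Attribute, ast.Name, ast.Load,
    ast.Constant, ast.Subscript, ast.List, ast.Tuple, ast.keyword,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare,
    ast.operator, ast.unaryop, ast.boolop, ast.cmpop,
)


class UnsafeExpression(ValueError):
    """Raised when an expression uses anything outside the allow-list."""


def validate_expr(expr: str) -> str:
    """Return expr unchanged if every syntax node is allow-listed, else raise."""
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError):
        # Statements, pandas '@var' references and malformed input end up here.
        raise UnsafeExpression("not a plain Python expression") from None
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            raise UnsafeExpression(f"disallowed name: {node.id}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise UnsafeExpression(f"private attribute: {node.attr}")
        if isinstance(node, ast.Call):
            func = node.func
            if not (isinstance(func, ast.Attribute) and func.attr in ALLOWED_METHODS):
                raise UnsafeExpression("only allow-listed methods may be called")
    return expr


def is_safe(expr: str) -> bool:
    """Boolean wrapper, e.g. for logging rejected LLM-generated expressions."""
    try:
        validate_expr(expr)
        return True
    except UnsafeExpression:
        return False
```

Only a string returned by validate_expr() would then be handed to the evaluation call. Anything that is not explicitly permitted is rejected, which is the safer default for expressions produced by an LLM or a user.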

Affected Version(s)
langroid < 0.53.15
