DoS Risk in Langroid Framework Prior to Version 0.53.4
CVE-2025-46726

7.8HIGH

Key Information:

Vendor

Langroid

Status
Langroid
Vendor
CVE Published:
5 May 2025

What is CVE-2025-46726?

Prior to version 0.53.4, the Langroid framework was susceptible to vulnerabilities stemming from the XMLToolMessage class. This flaw allowed attackers to supply untrusted XML input, which could potentially lead to denial of service (DoS) conditions or unauthorized access to sensitive local files. The issue was addressed in version 0.53.4, ensuring that applications built with Langroid are better protected against these threats.

Affected Version(s)

langroid < 0.53.4

References

https://github.com/langroid/langroid/security/advisories/...
x_refsource_CONFIRM
https://github.com/langroid/langroid/commit/36e7e7db4dd16...
x_refsource_MISC
https://github.com/langroid/langroid/blob/df6227e6c079ec2...
x_refsource_MISC

CVSS V4

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.