Sandbox Escape Vulnerability in Hugging Face SmolAgents Product
CVE-2025-5120
What is CVE-2025-5120?
CVE-2025-5120 is a critical vulnerability identified in the Hugging Face SmolAgents product, specifically affecting version 1.14.0. Hugging Face SmolAgents is designed to facilitate the development and deployment of AI agent applications by providing tools and functionalities to manage interactions and tasks. This vulnerability represents a sandbox escape flaw, allowing attackers to circumvent the intended restrictions of the execution environment. In technical terms, the issue arises from the local_python_executor.py module, which inadequately enforces checks on executing Python code. Although the module implements static and dynamic checks, attackers can exploit whitelisted functions, enabling the execution of arbitrary code on the host system. This type of vulnerability undermines the security boundaries that are crucial for isolating untrusted code, thereby posing considerable risks to organizations utilizing this product.
Potential impact of CVE-2025-5120
- Remote Code Execution (RCE): The most significant impact of CVE-2025-5120 is the potential for remote code execution. Attackers can manipulate the vulnerability to execute malicious code on the server hosting the SmolAgents product, which can lead to full system compromise.
- Data Leakage: Exploiting this vulnerability could allow adversaries to gain unauthorized access to sensitive data. The ability to execute arbitrary code can lead to unauthorized data extraction, risking the confidentiality of proprietary information and personal data.
- Compromise of Integration Levels: The flaw may lead to broader implications, such as compromising integrations with other systems or APIs that rely on the SmolAgents product. This can create cascading security risks as attackers leverage compromised systems to infiltrate additional targets within the organization’s network.

Affected Version(s)
huggingface/smolagents < 1.17.0
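
To check a dependency file against the affected range listed above, the following added example (not code from Hugging Face or from this advisory) flags exact smolagents pins below 1.17.0 and marks unpinned, ranged or pre-release specifiers for manual review. The function names and the sample requirements text are constructed for illustration.

```python
import re

FIXED = (1, 17, 0)  # from the page: huggingface/smolagents < 1.17.0 is affected

# Package name, optional [extras], exact pin "==X.Y.Z", optional environment marker.
_PIN = re.compile(
    r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:;.*)?$"
)
_NAME = re.compile(r"^([A-Za-z0-9._-]+)")


def _norm(name):
    """Normalize a distribution name the way PEP 503 does."""
    return re.sub(r"[-_.]+", "-", name).lower()


def classify(line):
    """Return 'affected', 'ok', 'review', or None if the line is not smolagents."""
    line = line.split("#", 1)[0].strip()  # drop comments
    m = _NAME.match(line)
    if not m or _norm(m.group(1)) != "smolagents":
        return None
    pin = _PIN.match(line)
    if not pin:
        return "review"  # unpinned, ranged or pre-release: cannot decide statically
    version = tuple(int(p) for p in pin.group(2).split("."))
    version += (0,) * (3 - len(version))  # pad "1.14" to (1, 14, 0)
    return "affected" if version < FIXED else "ok"


def scan(text):
    """Return (line_number, status, line) for every smolagents requirement."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        status = classify(line)
        if status:
            findings.append((n, status, line.strip()))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
requests==2.32.3
smolagents[toolkit]==1.14.0
smolagents==1.17.0
smolagents>=1.14
"""

if __name__ == "__main__":
    for n, status, line in scan(SAMPLE):
        print(f"line {n}: {status:8} {line}")
```

A "review" result means the file alone does not determine the installed version; confirm it in the target environment with `pip show smolagents`.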
