High severity7.6NVD Advisory· Published Sep 3, 2025· Updated Apr 15, 2026

CVE-2025-9959

Description

Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.

Affected products

Huggingface/Smolagentsreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/huggingface/smolagents/pull/1551nvd
research.jfrog.com/vulnerabilities/smolagents-local-python-sandbox-escape-jfsa-2025-001434277/nvd

News mentions

No linked articles in our index yet.

cvss	0.494
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000