Submit #777623: HuggingFace smolagents 1.25.0.dev0 CWE-693

Title: HuggingFace smolagents 1.25.0.dev0 CWE-693

Description:

# Technical Details

A Sandbox Escape via Augmented Assignment Dunder Read Bypass exists in the evaluate_augassign() function in src/smolagents/local_python_executor.py (lines 652-654) of smolagents. This is an incomplete fix for CVE-2025-9959. The CVE-2025-9959 fix added a dunder attribute access block in evaluate_attribute (line 390), but evaluate_augassign contains its own internal helper get_current_value that reads attribute values through a completely independent code path using raw getattr() without any dunder check. Similarly, the set_value function (line 822) writes attributes via raw setattr() without any dunder check.

# Vulnerable Code

File: src/smolagents/local_python_executor.py (lines 652-654)
Method: evaluate_augassign.get_current_value()
Why: Uses raw getattr(obj, target.attr) to read attribute values without checking for dunder attributes. This bypasses the dunder block in evaluate_attribute.

File: src/smolagents/local_python_executor.py (lines 820-822)
Method: set_value()
Why: Uses raw setattr(obj, target.attr, value) to write attribute values without checking for dunder attributes, allowing __code__ overwrite.

# Reproduction

1. Install smolagents (pip install smolagents).
2. Create a LocalPythonExecutor instance.
3. Execute code that uses augmented assignment on __code__ (e.g., victim.__code__ += Trap()) - this bypasses the dunder check.
4. The Trap class uses __radd__ to capture the code object, then constructs a malicious CodeType with RCE bytecode.
5. Overwrite the victim function's __code__ with the malicious code and call it - achieves arbitrary command execution.

# Impact

- Full Remote Code Execution on the host system.
- Any smolagents CodeAgent using default LocalPythonExecutor is vulnerable.
- Exploitable via prompt injection in content the agent processes.
Source: ⚠️ https://gist.github.com/YLChen-007/7146f45960f79bc1e2976fed526e0a9b
User: Eric-z (UID 95890)
Submission: 2026-03-11 14:23 (19 days ago)
Moderation: 2026-03-27 09:18 (16 days later)
Status: Accepted
VulDB entry: 353840 [huggingface smolagents 1.25.0.dev0 Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_augassign/evaluate_call/evaluate_with privilege escalation]
Points: 20
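
The description attributes the bypass to attribute reads and writes that skip the dunder check applied in evaluate_attribute. The sketch below is an added example, not smolagents code or its fix: a tiny evaluator for `name.attr <op>= constant` in which both the read and the write go through one shared guard. All names in it (check_attr_name, guarded_getattr, guarded_setattr, eval_attr_augassign, run, Counter, sample) are hypothetical.

```python
import ast
import operator

class DunderAccessError(Exception):
    """Raised when evaluated code names a dunder attribute."""

def check_attr_name(name):
    # Single policy point shared by every attribute read and write.
    if name.startswith("__") and name.endswith("__"):
        raise DunderAccessError(f"dunder attribute blocked: {name}")

def guarded_getattr(obj, name):
    check_attr_name(name)
    return getattr(obj, name)

def guarded_setattr(obj, name, value):
    check_attr_name(name)
    setattr(obj, name, value)

OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def eval_attr_augassign(source, env):
    """Evaluate one statement shaped like `name.attr += <constant>`."""
    node = ast.parse(source).body[0]
    if not (isinstance(node, ast.AugAssign)
            and isinstance(node.target, ast.Attribute)
            and isinstance(node.target.value, ast.Name)
            and isinstance(node.value, ast.Constant)
            and type(node.op) in OPS):
        raise ValueError("unsupported statement")
    obj = env[node.target.value.id]
    attr = node.target.attr
    # Read and write both pass through the guard, not raw getattr/setattr.
    current = guarded_getattr(obj, attr)
    guarded_setattr(obj, attr, OPS[type(node.op)](current, node.value.value))

def run(source, env):
    try:
        eval_attr_augassign(source, env)
        return "ok"
    except DunderAccessError:
        return "blocked"

class Counter:  # constructed sample object
    count = 1

def sample():  # constructed sample function
    return 0
```

Because the guard sits inside the accessors rather than in one AST handler, any new evaluation path that reads or writes attributes inherits the check as long as it calls the guarded helpers.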
