CVE-2025-46725

Affects: large language model

CVSS: CRITICAL · 9.8 v3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: 2025-05-20
Weakness: CWE-94
Source: nvd.nist.gov/vuln/detail/CVE-2025-46725

Description

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, LanceDocChatAgent uses pandas eval() through compute_from_docs(). As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframe_calc]) compromising the host system. Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

References

How GTK Cyber trains on this

AI security training at GTK Cyber covers the LLM and ML-pipeline vulnerability classes that vulnerabilities like CVE-2025-46725 fall into. Our hands-on courses are taught by Charles Givre and other practitioners who break and defend production AI systems.

AI Red-Teaming course → · Browse MITRE ATLAS techniques

Related AI/LLM CVEs

AI security training, taught by people who do the work.

Hands-on courses on adversarial AI, prompt injection, and ML pipeline security.

Explore AI Red-Teaming