CVE-2025-46725 – langroid

Package

Manager: pip
Name: langroid
Vulnerable Version: >=0 <0.53.15

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00074 pctl0.22865

Details

Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store ### Summary [LanceDocChatAgent](https://github.com/langroid/langroid/blob/main/langroid/agent/special/lance_doc_chat_agent.py#L158) uses pandas eval() through `compute_from_docs()`: https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vector_store/base.py#L136-L150 As a result, an attacker may be able to make the agent run malicious commands through [QueryPlan.dataframe_calc](https://github.com/langroid/langroid/blob/main/langroid/agent/special/lance_tools.py#L16) compromising the host system. ### Fix Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

Metadata

Created: 2025-05-20T18:01:52Z
Modified: 2025-05-20T20:56:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-22c2-9gwg-mj59/GHSA-22c2-9gwg-mj59.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-22c2-9gwg-mj59
Finding: F184
Auto approve: 1