CVE-2025-14931

CRITICAL

Hugging Face smolagents - Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-14931. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-14931, demonstrating a critical unsafe deserialization vulnerability in Hugging Face smolagents. The exploit leverages Python's pickle module to achieve arbitrary code execution on the host machine, bypassing sandbox isolation.

Description

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of pickle data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28312.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-14931

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-14931, demonstrating a critical unsafe deserialization vulnerability in Hugging Face smolagents. The exploit leverages Python's pickle module to achieve arbitrary code execution on the host machine, bypassing sandbox isolation.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Hugging Face smolagents v1.10.0 through v1.24.0

No auth needed

Prerequisites: Access to a sandboxed environment or ability to intercept/modify communication channels

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_research-advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-1143/

Scores

CVSS v3 10.0

EPSS 0.0309

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-502

Status published

Products (2)

Hugging Face/smolagents 1.22.0

pypi/smolagents 0 - 1.23.0PyPI

Published Dec 23, 2025

Tracked Since Feb 18, 2026