CVE-2025-12695

Name of the Vulnerable Software and Affected Versions DSPy (affected versions not specified)

Description An overly permissive sandbox configuration in DSPy can allow attackers to steal sensitive files. This occurs when users create an AI agent that processes user input and utilizes the “PythonInterpreter” class. The issue stems from an insecure configuration that does not adequately restrict access to system resources.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.