CVE-2025-14931

Name of the Vulnerable Software and Affected Versions Hugging Face smolagents (affected versions not specified)

Description A flaw exists in Hugging Face smolagents that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied data during the parsing of pickle data, leading to the deserialization of untrusted data. An attacker can exploit this to execute code within the service account context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.