CVE-2025-12695

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

GHSA-VVW2-H478-XWR3 DSPy does not properly restrict file reads

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

DSPy does not properly restrict file reads

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

agent-toolkit (=0.1.9), ailite (>=6.0.0 <=6.1.10) +39 more potentially affected by CVE-2025-12695 via dspy (>=0.1.5 <=3.0.3)

dspy PYPI version =0.1.5, =6.0.0, =0.1.0, =0.1.9, =2.5.5, =0.1.0, =2.8.0, =0.2.1, =0.1.0, =0.1.1 and more Source cves: CVE-2025-12695 Source advisory: OSV:GHSA-VVW2-H478-XWR3...

CVE-2025-12695

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

agent-toolkit (=0.1.9), ailite (>=6.0.0 <=6.1.10) +40 more potentially affected by CVE-2025-12695 via dspy (>=0.1.5 <=3.1.0)

dspy PYPI version =0.1.5, =6.0.0, =0.1.0, =0.1.9, =2.5.5, =0.1.0, =2.8.0, =0.2.1, =0.5.400 and more Source cves: CVE-2025-12695 Source advisory: SNYK:PYTHON-DSPY-13832222...

Improper Isolation or Compartmentalization

Overview dspy is a DSPy Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization via the PythonInterpreter class. An attacker can access arbitrary files by executing untrusted code within the sandbox. Remediation Upgrade dspy to version 3.1.2 or higher...

CVE-2025-12695 Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

PT-2025-44999

Name of the Vulnerable Software and Affected Versions DSPy affected versions not specified Description An overly permissive sandbox configuration in DSPy can allow attackers to steal sensitive files. This occurs when users create an AI agent that processes user input and utilizes the...

dspy 安全漏洞

dspy is a Stanford NLP open source artificial intelligence framework for programming. A security vulnerability exists in dspy that stems from an overly lax sandbox configuration that could allow an attacker to steal sensitive files...