CVE-2025-14931

Affected software: Hugging Face smolagents. Vulnerability: Deserialization of untrusted data via parsing of pickle data, enabling Remote Code Execution. Root cause: improper validation of user-supplied data during pickle deserialization. Impact: attacker can execute code in the service account co...