AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-12695: The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 4, 2025CVE-2025-12695

Summary

CVE-2025-12695 is a vulnerability in DSPy (a framework for building AI agents) where an overly permissive sandbox configuration (a restricted environment meant to limit what code can do) allows attackers to steal sensitive files when users build an AI agent that takes user input and uses the PythonInterpreter class (a tool that runs Python code). The vulnerability stems from improper isolation, meaning the sandbox doesn't adequately separate the untrusted code from the rest of the system.

Vulnerability Details

CVSS Score

5.9(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Data Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-653

Affected Vendors

HuggingFace

Related Issues

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Same vendorNVD/CVE Database

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

First tracked: February 15, 2026 at 08:36 PM

Classified by LLM (prompt v3) · confidence: 85%