CVE-2025-11844
📋 TL;DR
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function that allows attackers to inject malicious XPath syntax. This enables bypassing search filters, accessing unintended DOM elements, and disrupting web automation workflows, potentially leading to information disclosure and manipulation of AI agent interactions. Users of Smolagents 1.20.0 who process untrusted input in web automation tasks are affected.
💻 Affected Systems
- Hugging Face Smolagents
📦 What is this software?
Smolagents by Huggingface
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of web automation workflows, unauthorized access to sensitive DOM elements, manipulation of AI agent decision-making, and potential data exfiltration from automated web interactions.
Likely Case
Bypass of search filters leading to unintended DOM element access, disruption of automated web tasks, and potential information disclosure from web pages being processed.
If Mitigated
Limited impact with proper input validation and sanitization, potentially only causing minor automation workflow disruptions.
🎯 Exploit Status
Exploitation requires the ability to supply input to the vulnerable function, which typically requires some level of access to the automation system.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.22.0
Vendor Advisory: https://github.com/huggingface/smolagents/commit/f570ed5e17999d4cf7d5e79c2830fbaefab8a794
Restart Required: No
Instructions:
1. Update Smolagents to version 1.22.0 or later using pip: pip install --upgrade "smolagents>=1.22.0"
2. Verify the update completed successfully
3. Test web automation workflows to ensure functionality
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation and sanitization for all user-supplied input passed to the search_item_ctrl_f function
Function Restriction
Restrict or disable the search_item_ctrl_f function if not essential for operations
🧯 If You Can't Patch
- Implement strict input validation to sanitize all user input before passing to XPath queries
- Use parameterized XPath queries or XPath libraries that support safe parameter binding
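One way to apply the two mitigations above when the XPath engine offers no parameter binding. This is an added example, not code from Smolagents or from the fix commit. The helper names, the length limit and the `//*[contains(text(), ...)]` query shape are assumptions made for illustration.

```python
"""Build an XPath 1.0 text-search expression from untrusted input.

All names here are hypothetical; the query shape is an assumed
"find elements containing this text" search.
"""

MAX_LEN = 200  # assumed upper bound for a search term


def validate_search_text(text):
    """Reject input that is not a plausible search term."""
    if not isinstance(text, str):
        raise TypeError("search text must be a string")
    if not text or len(text) > MAX_LEN:
        raise ValueError("search text is empty or too long")
    if any(ord(ch) < 0x20 for ch in text):
        raise ValueError("control characters are not allowed")
    return text


def xpath_literal(value):
    """Return value as a single XPath 1.0 string literal.

    XPath 1.0 has no escape character inside string literals, so a value
    holding both quote types must be assembled with concat().
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    pieces = []
    for i, part in enumerate(value.split("'")):
        if i:
            pieces.append('"\'"')      # the single quote itself, double-quoted
        if part:
            pieces.append(f"'{part}'")  # quote-free run, single-quoted
    return "concat(" + ", ".join(pieces) + ")"


def build_text_search_xpath(text):
    """Validate the term, then embed it only as a quoted literal."""
    literal = xpath_literal(validate_search_text(text))
    return f"//*[contains(text(), {literal})]"


if __name__ == "__main__":
    # Constructed sample inputs
    for sample in ["login", "it's", '5 o\'clock "special"']:
        print(build_text_search_xpath(sample))
```

Because the term only ever appears inside a string literal, quote characters in the input are matched as text rather than changing the structure of the expression.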
🔍 How to Verify
Check if Vulnerable:
Check if Smolagents version is 1.20.0 by examining package version or running: python -c "import smolagents; print(smolagents.__version__)"
Check Version:
python -c "import smolagents; print(smolagents.__version__)"
Verify Fix Applied:
Verify Smolagents version is 1.22.0 or higher using: python -c "import smolagents; print(smolagents.__version__)"
📡 Detection & Monitoring
Log Indicators:
- Unusual XPath query patterns
- Failed web automation tasks
- Unexpected DOM element access attempts
Network Indicators:
- Abnormal web request patterns from automation systems
SIEM Query:
source="smolagents" AND (event="xpath_error" OR event="search_failure")