CVE-2025-46724

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote code execution through code injection in Langroid's TableChatAgent when processing untrusted user input. It affects any Langroid application that uses TableChatAgent with user-supplied data, particularly public-facing LLM applications. The issue stems from the use of pandas eval() without proper input sanitization.

💻 Affected Systems

Products:
  • Langroid
Versions: All versions prior to 0.53.15
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using TableChatAgent with untrusted user input. Applications not using TableChatAgent or not processing user input through it are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing arbitrary code execution, data exfiltration, lateral movement, and complete control of the affected system.

🟠 Likely Case

Remote code execution leading to data theft, system manipulation, or deployment of malware/ransomware on vulnerable servers.

🟢 If Mitigated

No impact if proper input validation and sanitization are implemented, or if the application doesn't process untrusted input through TableChatAgent.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malicious input to a vulnerable TableChatAgent endpoint. The vulnerability is straightforward to exploit given the nature of code injection in pandas eval().

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.53.15

Vendor Advisory: https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj

Restart Required: Yes

Instructions:

1. Update Langroid to version 0.53.15 or later using pip (quote the requirement so the shell does not treat >= as a redirect): pip install --upgrade "langroid>=0.53.15"
2. Restart all Langroid applications and services
3. Verify the update was successful

🔧 Temporary Workarounds

Disable TableChatAgent for untrusted input

all

Temporarily disable TableChatAgent functionality for any endpoints that process untrusted user input until patching is complete.

Implement custom input sanitization

all

Add strict input validation and sanitization for all user input passed to TableChatAgent, rejecting any input containing special characters or code patterns.

🧯 If You Can't Patch

  • Implement strict input validation to reject any user input containing special characters, parentheses, brackets, or code-like patterns before it reaches TableChatAgent.
  • Isolate vulnerable applications in network segments with strict egress filtering and monitor all outbound connections for suspicious activity.
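
A minimal pre-filter for the input-validation workaround listed above and under Temporary Workarounds, shown as an added example (not Langroid's code and not the vendor's fix). The name screen_prompt, the length cap and the punctuation allowlist are assumptions; it is a stopgap placed in front of TableChatAgent, and upgrading to 0.53.15 remains the fix.

```python
import re
import unicodedata

MAX_LEN = 400                      # assumed cap for one question
SAFE_PUNCT = set(" \t\n.,?!'%-_")  # assumed allowlist: no parens, brackets, quotes, operators
# Code-like patterns: dunder names, attribute access (a.b but not 3.5), Python keywords.
# Deliberately strict: some ordinary questions (e.g. containing "import") are rejected too.
CODE_LIKE = re.compile(
    r"__|[^\W\d]\.[^\W\d]|\b(?:import|eval|exec|lambda)\b", re.IGNORECASE
)


def screen_prompt(text):
    """Return (allowed, reason) for a user question bound for TableChatAgent."""
    if not isinstance(text, str) or not text.strip():
        return False, "empty or non-string input"
    if len(text) > MAX_LEN:
        return False, "input too long"
    # Python applies NFKC to identifiers, so match on the normalized form;
    # fullwidth letters and parentheses would otherwise pass ASCII-only patterns.
    norm = unicodedata.normalize("NFKC", text)
    for ch in norm:
        if not (ch.isalnum() or ch in SAFE_PUNCT):
            return False, f"disallowed character {ch!r}"
    match = CODE_LIKE.search(norm)
    if match:
        return False, f"code-like pattern {match.group(0)!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real application log.
    for sample in ["What is the average price by region?", "total(sales)", "show df.shape"]:
        print(sample, "->", screen_prompt(sample))
```

Call screen_prompt on each request before it is handed to the agent, and log the returned reason for rejected inputs so they feed the detection indicators below.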

🔍 How to Verify

Check if Vulnerable:

Check the installed Langroid version with python -c "import langroid; print(langroid.__version__)"; any version below 0.53.15 is affected. Also check whether your application uses TableChatAgent with user input.

Check Version:

python -c "import langroid; print(langroid.__version__)"

Verify Fix Applied:

Verify Langroid version is 0.53.15 or higher: python -c "import langroid; print(langroid.__version__)" and test that TableChatAgent properly sanitizes input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual pandas eval() errors
  • Suspicious input patterns in TableChatAgent logs
  • Unexpected system command execution

Network Indicators:

  • Unusual outbound connections from Langroid applications
  • Data exfiltration patterns

SIEM Query:

source="langroid" AND ("TableChatAgent" OR "pandas.eval") AND (suspicious_input OR error OR exception)
