CVE-2025-11844 MEDIUM

CVE-2025-11844: XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function

Vendor Huggingface
Product huggingface/smolagents
Weakness CWE-643 · XPath injection
Published October 22, 2025
Last update October 22, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitization or escaping. This allows an attacker to inject malicious XPath syntax that can alter the intended query logic. The vulnerability enables attackers to bypass search filters, access unintended DOM elements, and disrupt web automation workflows. This can lead to information disclosure, manipulation of AI agent interactions, and compromise the reliability of automated web tasks. The issue is fixed in version 1.22.0.

Key dates

02Disclosure timeline

October 22, 2025 CVE published
October 22, 2025 Record updated