CVE-2025-12695 MEDIUM

CVE-2025-12695: Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox

Weakness CWE-653
Published November 4, 2025
Last update November 4, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.

Key dates

02Disclosure timeline

November 4, 2025 CVE published
November 4, 2025 Record updated