CVE-2025-46725: Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store

May 20, 2025

LanceDocChatAgent uses pandas eval() through compute_from_docs(): https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vector_store/base.py#L136-L150

As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframe_calc compromising the host system.

References

github.com/advisories/GHSA-22c2-9gwg-mj59
github.com/langroid/langroid
github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6
github.com/langroid/langroid/security/advisories/GHSA-22c2-9gwg-mj59
nvd.nist.gov/vuln/detail/CVE-2025-46725

Code Behaviors & Features

Detect and mitigate CVE-2025-46725 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →