5.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2025-11844

GHSA ID

GHSA-8mf9-rmgw-33qc

EPSS Score

CWE

CWE-643

Published

10/22/2025

Updated

10/22/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-11844

CVE-2025-11844: Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitization or escaping. This allows an attacker to inject malicious XPath syntax that can alter the intended query logic. The vulnerability enables attackers to bypass search filters, access unintended DOM elements, and disrupt web automation workflows. This can lead to information disclosure, manipulation of AI agent interactions, and compromise the reliability of automated web tasks. The issue is fixed in version 1.22.0.

(GitHub Advisory)

5.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2025-11844

GHSA ID

GHSA-8mf9-rmgw-33qc

EPSS Score

CWE

CWE-643

Published

10/22/2025

Updated

10/22/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
smolagents	pip	< 1.22.0	1.22.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability analysis identified search_item_ctrl_f in src/smolagents/vision_web_browser.py as the vulnerable function. The root cause is the direct and unsafe concatenation of user-provided input (text) into an XPath query. The evidence from the patch is the removal of the line elements = driver.find_elements(By.XPATH, f"//*[contains(text(), \'{text}\')]"), which clearly shows the insecure construction of the XPath expression. An attacker could supply a crafted string like ') or '1'='1 to manipulate the query. The fix involves adding a sanitization function _escape_xpath_string and using it to clean the input before it is included in the query: escaped_text = _escape_xpath_string(text) and elements = driver.find_elements(By.XPATH, f"//*[contains(text(), {escaped_text})]"). When this vulnerability is triggered, the search_item_ctrl_f function would be present in any runtime profile or stack trace, as it is the entry point for the malicious input and the location of the flawed logic.

Vulnerable functions

search_item_ctrl_f

src/smolagents/vision_web_browser.py

The function `search_item_ctrl_f` is vulnerable to XPath injection. It constructs an XPath query by directly embedding the user-provided `text` parameter into the query string without proper sanitization. An attacker can provide a malicious string for the `text` parameter to alter the XPath query's logic, potentially leading to unauthorized data access or other unintended behaviors.

WAF Protection Rules

WAF Rule

*u**in* **** Smol***nts v*rsion *.**.* *ont*ins *n XP*t* inj**tion vuln*r**ility in t** s**r**_it*m_*trl_* *un*tion lo**t** in sr*/smol***nts/vision_w**_*rows*r.py. T** *un*tion *onstru*ts *n XP*t* qu*ry *y *ir**tly *on**t*n*tin* us*r-suppli** input

Reasoning

T** vuln*r**ility *n*lysis i**nti*i** `s**r**_it*m_*trl_*` in `sr*/smol***nts/vision_w**_*rows*r.py` *s t** vuln*r**l* *un*tion. T** root **us* is t** *ir**t *n* uns*** *on**t*n*tion o* us*r-provi*** input (`t*xt`) into *n XP*t* qu*ry. T** *vi**n** *

5.4

Basic Information

Concerned about an active attack path?

CVE-2025-11844: Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI