JFrog DSPy Sandbox Escape Vulnerability Allowing Arbitrary File Read

Vulnerability

A vulnerability in JFrog DSPy has been identified, stemming from an overly permissive sandbox configuration. The flaw allows attackers to read sensitive files when users build AI agents that process untrusted input and use the 'PythonInterpreter' class: code derived from that input is run inside a sandbox whose restrictions are too loose to contain it.

Impact

Exploitation of this vulnerability could lead to unauthorized access and reading of sensitive files on the system.

Reproduction

To reproduce this vulnerability, create an AI agent in DSPy that accepts user input and uses the 'PythonInterpreter' class. The vulnerable sandbox configuration will allow the execution of code that can fetch and read sensitive files, such as '/etc/passwd'.

Added: Nov 4, 2025, 2:25 PM
Updated: Nov 4, 2025, 3:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.