CVE-2025-12695
DSPy does not properly restrict file reads
5.9
MEDIUM
CVSS 3.1
EPSS 0.01%
Description
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
How to fix CVE-2025-12695
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- PyPI/dspy—no fix listed
Is CVE-2025-12695 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 3.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |