Listen to this Post
The vulnerability CVE-2025-46724 in Langroid is a bypass of a previous fix for code injection in the `pandas_eval` tool. A Web Application Firewall (WAF) in `pandas_utils.py` was designed to block unsafe expressions by checking if user input is a simple, literal value via the `_literal_ok()` function. However, this function fails securely by returning `False` for invalid input instead of raising an UnsafeCommandError. This flaw, combined with the ability to access dangerous Python dunder attributes like __init__, __globals__, and `__builtins__` through a Pandas DataFrame object, allows an attacker to construct a malicious chain of whitelisted DataFrame methods. This chain can leak the built-in `eval` function and ultimately pass a crafted payload to it, leading to arbitrary code execution.
Platform: Langroid
Version: <= 0.59.31
Vulnerability: RCE via eval
Severity: Critical
date: 2025
Prediction: 2025-08-15
What Undercode Say:
Example commands to check version and environment pip show langroid python -c "import langroid; print(langroid.<strong>version</strong>)"
Code snippet highlighting the vulnerable pattern In langroid/utils/pandas_utils.py def _literal_ok(node): ... checks ... return False Should raise UnsafeCommandError
How Exploit:
df.add_prefix("<strong>import</strong>('os').system('id')").T.groupby(by=df.<strong>init</strong>.<strong>globals</strong>['<strong>builtins</strong>']['eval'])
Protection from this CVE
Update Langroid immediately.
Implement input sanitization.
Restrict dangerous attributes.
Impact:
Remote Code Execution.
Full system compromise.
Arbitrary command execution.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

