Home > Vulnerability Database > CVE-2025-46726

Mend.io Vulnerability Database

CVE-2025-46726

Good to know:

Date: May 5, 2025

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging "XMLToolMessage" class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue.

Severity Score

9.1

Related Resources (6)

Url: https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f

Url: https://github.com/langroid/langroid/blob/df6227e6c079ec22bb2768498423148d6685acff/langroid/agent/xml_tool_message.py#L51-L52

Url: https://github.com/langroid/langroid/commit/36e7e7db4dd1636de225c2c66c84052b1e9ac3c3

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46726

Url: https://github.com/langroid/langroid

Url: https://www.mend.io/vulnerability-database/CVE-2025-46726

Severity Score

9.1

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Top Fix

Upgrade Version

Upgrade to version langroid - 0.53.4;langroid - 0.53.4;https://github.com/langroid/langroid.git - 0.53.4

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46726

Good to know:

Date: May 5, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?