How severe is CVE-2025-46724?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-46724?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2025-46724

CRITICAL Year: 2025

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-94

View all →

Vulnerability Description

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

CVE-2006-3136

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nu...

CWE-942006

CVE-2006-5021

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parame...

CWE-942006

CVE-2006-5610

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code...

CWE-942006

CVE-2006-6975

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disp...

CWE-942006

CVE-2006-7105

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclo...

CWE-942006

CVE-2007-4290

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, ...

CWE-942007

CVE-2025-46724

Vulnerability Description

Related Vulnerabilities

CVE-2006-3136

CVE-2006-5021

CVE-2006-5610

CVE-2006-6975

CVE-2006-7105

CVE-2007-4290