
Cloud Vulnerability DB
A community-led vulnerabilities database
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability (CVE-2025-11844) in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The vulnerability was discovered on October 22, 2025, and affects versions up to 1.22.0. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitization or escaping (NVD, Miggo).
The vulnerability stems from the direct concatenation of user-provided input into XPath queries without proper sanitization in the search_item_ctrl_f function. The CVSS v3.0 base score is 5.4 (Medium) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. The issue is classified as CWE-643 (Improper Neutralization of Data within XPath Expressions). The vulnerable code embedded user input directly into the XPath query using the line elements = driver.find_elements(By.XPATH, f"//*[contains(text(), '{text}')]"), so a quote character in the input ends the string literal early and the remainder of the input is parsed as XPath syntax (Miggo, GitHub Patch).
The vulnerability enables attackers to bypass search filters, access unintended DOM elements, and disrupt web automation workflows. This can lead to information disclosure, manipulation of AI agent interactions, and degraded reliability of automated web tasks (NVD).
The vulnerability has been fixed in Smolagents version 1.22.0. The fix adds a new escape_xpath_string function that renders user input as a well-formed XPath string literal before it is included in the query. Users should upgrade to version 1.22.0 or later to address this vulnerability (GitHub Patch).
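As an added illustration for this entry (not smolagents' own code and not the exact patch), the following Python contrasts the f-string construction quoted above with a quote-aware escaper of the kind the fix introduces, and includes a small literal scanner that shows whether the input stayed inside one string literal. The function names and the sample input are assumed for this example.

```python
# Added illustration for this entry, not smolagents' own code. Function names
# are assumed for the example.


def escape_xpath_string(value: str) -> str:
    """Render value as one XPath 1.0 string literal.

    XPath 1.0 has no backslash escapes: a quote inside the text is handled by
    using the other quote character, or with concat() when both kinds occur.
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in parts) + ")"


def vulnerable_xpath(text: str) -> str:
    # Same construction as the pre-1.22.0 code: raw f-string interpolation.
    return f"//*[contains(text(), '{text}')]"


def fixed_xpath(text: str) -> str:
    # Hardened form: the text always becomes exactly one well-formed literal.
    return f"//*[contains(text(), {escape_xpath_string(text)})]"


def xpath_literals(expr: str) -> tuple[list[str], bool]:
    """Collect the string literals in expr and report whether every opening
    quote was closed, i.e. whether user text stayed inside a literal."""
    literals, i = [], 0
    while i < len(expr):
        if expr[i] in "'\"":
            end = expr.find(expr[i], i + 1)
            if end == -1:
                return literals, False
            literals.append(expr[i + 1:end])
            i = end + 1
        else:
            i += 1
    return literals, True


if __name__ == "__main__":
    sample = "O'Reilly"  # constructed input: ordinary text with an apostrophe
    for build in (vulnerable_xpath, fixed_xpath):
        print(build.__name__, build(sample), xpath_literals(build(sample)))
```

With the apostrophe input the vulnerable builder yields an expression whose second quote is never closed, while the escaped builder keeps the whole text in a single literal; the concat() branch covers text containing both quote kinds.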
Source: This report was generated using AI