ГлавнаяУязвимости → CVE-2025-45691
7.5высокая

CVE-2025-45691

Описание

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

Затрагиваемое ПО
Vibrantlabsai Ragas
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerabilityhttps://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202https://github.com/explodinggradients/ragas/pull/1559https://github.com/vibrantlabsai/ragas/pull/1991https://access.redhat.com/security/cve/CVE-2025-45691https://bugzilla.redhat.com/show_bug.cgi?id=2444875https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45691.json