ГлавнаяУязвимости → CVE-2025-48187
9.1критическая

CVE-2025-48187

Описание

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

Затрагиваемое ПО
Infiniflow Ragflow
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/infiniflow/ragflow/commits/main/https://www.cnblogs.com/qiushuo/p/18881084https://www.cnblogs.com/qiushuo/p/18881084