- Description
- RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection (CWE-89). The ExeSQL component extracts the SQL statement from its input and executes it directly against the configured database without validating or restricting the statement, so whoever controls that input (for example through a prompt that shapes the generated SQL) controls the query that runs. At the time of publication, no patched version was available.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- CWE
- CWE-89 (source: security-advisories@github.com)
- Hype score
- Not currently trending
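The pattern the advisory describes is a component that takes a statement out of untrusted input (typically LLM output) and hands it to the database as-is. The following is an added illustration, not RAGFlow's own code: `extract_sql`, `exe_sql_vulnerable`, `exe_sql_hardened` and the `users` table are constructed for the demo, and SQLite stands in for whatever database ExeSQL is configured against. The hardened variant does what a reviewer would ask for here: accept a single read-only statement, and enforce that with an SQLite authorizer rather than trusting string checks alone, so a statement that passes the prefix check but still writes (a `WITH ... DELETE`) is refused by the engine, and a sensitive column is masked to NULL.

```python
import re
import sqlite3


class SqlRejected(ValueError):
    """Raised when a statement fails the hardened component's checks."""


def make_db():
    # Constructed sample schema for the demo; not RAGFlow's database.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, api_key TEXT);
        INSERT INTO users VALUES (1, 'alice', 'key-alice');
        INSERT INTO users VALUES (2, 'bob',   'key-bob');
    """)
    return conn


FENCE = re.compile(r"```(?:sql)?\s*(.*?)```", re.S | re.I)


def extract_sql(text):
    """Assumed extractor: take the statement out of fenced or bare LLM-style output."""
    m = FENCE.search(text)
    return (m.group(1) if m else text).strip()


# --- Vulnerable pattern (what the advisory describes): run whatever was extracted.
def exe_sql_vulnerable(conn, text):
    sql = extract_sql(text)
    return conn.execute(sql).fetchall()  # DROP/DELETE/UPDATE run just like a SELECT


# --- Hardened pattern: static checks first, then the database enforces read-only.
STMT_OK = re.compile(r"^\s*(SELECT|WITH)\b", re.I)
MASKED_COLUMNS = {"api_key"}  # constructed example of data the component must not return


def _read_only_authorizer(action, arg1, arg2, db_name, trigger):
    # SQLite calls this while preparing the statement; DENY aborts preparation.
    if action == sqlite3.SQLITE_READ and arg2 in MASKED_COLUMNS:
        return sqlite3.SQLITE_IGNORE  # column reads back as NULL
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # INSERT/UPDATE/DELETE/DROP/PRAGMA/ATTACH/...


def exe_sql_hardened(conn, text, max_rows=100):
    sql = extract_sql(text).rstrip().rstrip(";")
    # One statement, no comment tokens: blocks stacked queries and comment tricks.
    if ";" in sql or "--" in sql or "/*" in sql:
        raise SqlRejected("only a single statement without comments is allowed")
    if not STMT_OK.match(sql):
        raise SqlRejected("only read-only SELECT statements are allowed")
    # The prefix check is not sufficient (WITH ... DELETE starts with WITH);
    # the authorizer is the real enforcement.
    conn.set_authorizer(_read_only_authorizer)
    try:
        return conn.execute(sql).fetchmany(max_rows)
    except sqlite3.DatabaseError as exc:  # "not authorized" from the authorizer
        raise SqlRejected(f"statement refused by database: {exc}") from exc


if __name__ == "__main__":
    db = make_db()
    print(exe_sql_vulnerable(db, "```sql\nSELECT name FROM users ORDER BY id\n```"))
    exe_sql_vulnerable(db, "DELETE FROM users WHERE id = 2")  # silently destroys data
    db = make_db()
    print(exe_sql_hardened(db, "SELECT name, api_key FROM users WHERE id = 1"))
    for bad in ("DROP TABLE users", "WITH t AS (SELECT 1) DELETE FROM users"):
        try:
            exe_sql_hardened(db, bad)
        except SqlRejected as e:
            print("rejected:", e)
```

The authorizer is the part worth copying: it is evaluated by the engine at prepare time, so it covers syntax the regex does not anticipate. For a production database, the equivalent is a dedicated read-only role with SELECT granted only on the tables and columns the component is meant to query, plus a statement timeout; the string checks above only reduce noise, they are not the control.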
CVE-2025-27135 HIGH (8.9) infiniflow - ragflow <= 0.15.1 https://t.co/1B0TbB9Ow3 https://t.co/CX38EPBZmA https://t.co/mOgkMLfHMl #CyberCron #VulnAlert https://t.co/us60j9B8C5
@cybercronai
27 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27135 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQ… https://t.co/czQdIfLEu8
@CVEnew
25 Feb 2025
402 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-27135: HIGH] Cyber security alert: RAGFlow engine versions 0.15.1 and below susceptible to SQL injection. No patch currently provided for ExeSQL component vulnerability.#cybersecurity,#vulnerability https://t.co/R5CdYQjW6S https://t.co/n0qOT3QCMf
@CveFindCom
25 Feb 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes