CVE-2025-9799 in Langfuse
Summary
by MITRE • 09/02/2025
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 09/02/2025
The vulnerability identified as CVE-2025-9799 represents a critical server-side request forgery issue within the Langfuse platform version 3.88.0 and earlier. This security flaw resides in the promptChangeEventSourcing function located within the web/src/features/prompts/server/routers/promptRouter.ts file, specifically within the Webhook Handler component. The vulnerability stems from inadequate input validation and sanitization mechanisms that fail to properly restrict external requests initiated through the prompt change event sourcing functionality. The affected component serves as a bridge between external webhook notifications and internal system operations, creating a potential attack vector where malicious actors can manipulate the system to make unauthorized requests to arbitrary destinations.
The technical implementation of this vulnerability allows attackers to leverage the promptChangeEventSourcing function to redirect requests to internal network resources or external malicious servers. This type of flaw typically occurs when the application accepts user-supplied data without proper validation and directly uses it in constructing HTTP requests. The attack requires sophisticated manipulation of the webhook payload and demonstrates a high degree of complexity that makes exploitation challenging but not impossible. According to CWE classification, this vulnerability maps to CWE-918 Server-Side Request Forgery, which specifically addresses situations where applications fail to properly validate and sanitize URLs or hostnames used in server-side requests. The vulnerability's classification aligns with ATT&CK technique T1190 for Proxy Execution and T1071.004 for Application Layer Protocol: DNS, as the malicious requests may traverse network protocols to reach unauthorized targets.
The operational impact of this vulnerability extends beyond simple data exfiltration or service disruption. An attacker who successfully exploits this vulnerability could potentially gain access to internal systems that are normally isolated from external networks, including database servers, internal APIs, or other sensitive components. The remote exploitation capability means that attackers do not require physical access to the network or system, making this vulnerability particularly dangerous in cloud environments or multi-tenant deployments. The public availability of exploit code significantly increases the risk profile, as it reduces the barrier to entry for potential attackers and allows for rapid deployment of malicious activities. Organizations using Langfuse versions prior to the patched release face substantial risk of unauthorized access, data breaches, and potential compromise of their entire system infrastructure.
Organizations should immediately implement mitigation strategies including updating to the patched version of Langfuse, implementing network-level restrictions on outbound requests from the affected component, and deploying web application firewalls to monitor and block suspicious outbound traffic patterns. Additional security controls should include input validation at multiple layers, rate limiting on webhook endpoints, and comprehensive monitoring of system logs for unusual outbound request patterns. The implementation of principle of least privilege should be enforced on the affected webhook handler to minimize potential damage from successful exploitation attempts. Security teams should also conduct thorough network segmentation to prevent lateral movement if an attacker manages to establish a foothold through this vulnerability, while maintaining detailed audit trails to support incident response activities.