CVE-2025-9799 in Langfuse情報

要約

〜によって MITRE • 2025年09月02日

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

VulDB

公開

2025年09月02日

モデレーション

承諾済み

エントリ

VDB-322114

CPE

準備完了

CWE

CWE-918 (確認済み)

エクスプロイト

ダウンロード

CVSS

5.0 (CNA)

EPSS

0.00065

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9799
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9799
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9799/

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!