CVE-2025-45691
CVE-2025-45691
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
05 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/security/cve/CVE-2025-45691https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerabilityhttps://bugzilla.redhat.com/show_bug.cgi?id=2444875https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202https://github.com/explodinggradients/ragas/pull/1559https://github.com/vibrantlabsai/ragas/pull/1991https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45691.json