CVE-2025-59305

High CVSS: 7.6

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.

Vendor

Langfuse

Product

Langfuse

CWE

CWE-285

Yayın Tarihi

2025-09-24 18:15:42

Güncelleme

2025-12-02 18:09:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-285 Langfuse HIGH Langfuse 2025

Referanslar

https://depthfirst.com/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study

Benzer Kayıtlar

Medium

CVE-2026-24055

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/sla…

Medium

CVE-2025-65107

Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from…

Medium

CVE-2025-64504

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2…

Low

CVE-2025-9799

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChang…