CVE-2025-9799

Low CVSS: 2.3

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.

Vendor

Langfuse

Product

Langfuse

CWE

CWE-918

Yayın Tarihi

2025-09-01 22:15:31

Güncelleme

2025-12-02 19:04:22

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Langfuse LOW Langfuse 2025

Referanslar

https://github.com/langfuse/langfuse/issues/8522 https://github.com/langfuse/langfuse/issues/8522#issue-3320549867 https://vuldb.com/?ctiid.322114 https://vuldb.com/?id.322114 https://vuldb.com/?submit.641128

Benzer Kayıtlar

Medium

CVE-2026-24055

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/sla…

Medium

CVE-2025-65107

Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from…

Medium

CVE-2025-64504

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2…

High

CVE-2025-59305

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated use…