5 matches found
CVE-2025-25282
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...
CVE-2025-25282
creationtimestamp| type| source ---|---|--- 2025-02-21 23:31:55+00:00| published-proof-of-concept| Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ 2025-02-21 23:48:55+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114044550171978219 2025-02-21 23:57:36+00:00| seen|...
CVE-2025-25282
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...
CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...
CVE-2025-25282
CVE-2025-25282 pertains to RAGFlow, an open-source RAG engine. An authenticated user can exploit an Insecure Direct Object Reference (IDOR) vulnerability that enables unauthorized cross-tenant access, including listing tenant user accounts and adding users to other tenants. Affected behavior cent...