CVE-2025-53358
Summary (CVE-2025-53358) : Kotaemon, an open‑source RAG-based document tool, is affected in versions up to 0.10.6. The function index_fn in libs/ktem/ktem/index/file/ui.py accepts both URLs and local file paths without validation, causing the pipeline to stream and store these paths. This enables...