CVE-2025-45691
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
ragas: arbitrary file read via improper URL validation in multimodal inputs
Additional References
- https://access.redhat.com/security/cve/CVE-2025-45691
- https://bugzilla.redhat.com/show_bug.cgi?id=2444875
- https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45691.json
References
- https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability
- https://github.com/explodinggradients/ragas/pull/1559
- https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202
- https://github.com/vibrantlabsai/ragas/pull/1991
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.