cvelistv5 - cve-2025-27518

CVE-2025-27518 (GCVE-0-2025-27518)

Vulnerability from cvelistv5 – Published: 2025-03-07 15:36 – Updated: 2025-03-07 21:49

Summary

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://securitylab.github.com/advisories/GHSL-20…	x_refsource_CONFIRM
	https://github.com/truefoundry/cognita/pull/424	x_refsource_MISC
	https://github.com/truefoundry/cognita/commit/750…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	truefoundry	cognita	Affected: < 75079c3d3cf376381489b9a82ee46c69024e1a15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T21:49:28.933508Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T21:49:40.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cognita",
          "vendor": "truefoundry",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 75079c3d3cf376381489b9a82ee46c69024e1a15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T15:36:48.366Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/"
        },
        {
          "name": "https://github.com/truefoundry/cognita/pull/424",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/truefoundry/cognita/pull/424"
        },
        {
          "name": "https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15"
        }
      ],
      "source": {
        "advisory": "GHSA-cqm5-7wv3-9g6c",
        "discovery": "UNKNOWN"
      },
      "title": "Cognita CORS misconfiguration in backend API server"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27518",
    "datePublished": "2025-03-07T15:36:48.366Z",
    "dateReserved": "2025-02-26T18:11:52.307Z",
    "dateUpdated": "2025-03-07T21:49:40.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27518\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-07T16:15:39.187\",\"lastModified\":\"2025-03-07T16:15:39.187\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.\"},{\"lang\":\"es\",\"value\":\"Cognita es un framework RAG (Retrieval Augmented Generation) para crear aplicaciones modulares de c\u00f3digo abierto para producci\u00f3n de TrueFoundry. Una configuraci\u00f3n CORS insegura en el servidor backend de Cognita permite que sitios web arbitrarios env\u00eden solicitudes entre sitios a la aplicaci\u00f3n. Esta vulnerabilidad se corrigi\u00f3 en la confirmaci\u00f3n 75079c3d3cf376381489b9a82ee46c69024e1a15.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/truefoundry/cognita/pull/424\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Cognita CORS misconfiguration in backend API server\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-79\", \"lang\": \"en\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"version\": \"4.0\"}}], \"references\": [{\"name\": \"https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/\"}, {\"name\": \"https://github.com/truefoundry/cognita/pull/424\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/truefoundry/cognita/pull/424\"}, {\"name\": \"https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15\"}], \"affected\": [{\"vendor\": \"truefoundry\", \"product\": \"cognita\", \"versions\": [{\"version\": \"\u003c 75079c3d3cf376381489b9a82ee46c69024e1a15\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-07T15:36:48.366Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.\"}], \"source\": {\"advisory\": \"GHSA-cqm5-7wv3-9g6c\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27518\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T21:49:28.933508Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T21:49:36.198Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27518\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-02-26T18:11:52.307Z\", \"datePublished\": \"2025-03-07T15:36:48.366Z\", \"dateUpdated\": \"2025-03-07T21:49:40.505Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-27518

Vulnerability from fkie_nvd - Published: 2025-03-07 16:15 - Updated: 2025-03-07 16:15

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N