CVE-2025-9799 (GCVE-0-2025-9799)
Vulnerability from cvelistv5 – Published: 2025-09-01 22:02 – Updated: 2025-09-02 20:10
VLAI?
Title
Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
Summary
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Langfuse |
Affected:
3.0
Affected: 3.1 Affected: 3.2 Affected: 3.3 Affected: 3.4 Affected: 3.5 Affected: 3.6 Affected: 3.7 Affected: 3.8 Affected: 3.9 Affected: 3.10 Affected: 3.11 Affected: 3.12 Affected: 3.13 Affected: 3.14 Affected: 3.15 Affected: 3.16 Affected: 3.17 Affected: 3.18 Affected: 3.19 Affected: 3.20 Affected: 3.21 Affected: 3.22 Affected: 3.23 Affected: 3.24 Affected: 3.25 Affected: 3.26 Affected: 3.27 Affected: 3.28 Affected: 3.29 Affected: 3.30 Affected: 3.31 Affected: 3.32 Affected: 3.33 Affected: 3.34 Affected: 3.35 Affected: 3.36 Affected: 3.37 Affected: 3.38 Affected: 3.39 Affected: 3.40 Affected: 3.41 Affected: 3.42 Affected: 3.43 Affected: 3.44 Affected: 3.45 Affected: 3.46 Affected: 3.47 Affected: 3.48 Affected: 3.49 Affected: 3.50 Affected: 3.51 Affected: 3.52 Affected: 3.53 Affected: 3.54 Affected: 3.55 Affected: 3.56 Affected: 3.57 Affected: 3.58 Affected: 3.59 Affected: 3.60 Affected: 3.61 Affected: 3.62 Affected: 3.63 Affected: 3.64 Affected: 3.65 Affected: 3.66 Affected: 3.67 Affected: 3.68 Affected: 3.69 Affected: 3.70 Affected: 3.71 Affected: 3.72 Affected: 3.73 Affected: 3.74 Affected: 3.75 Affected: 3.76 Affected: 3.77 Affected: 3.78 Affected: 3.79 Affected: 3.80 Affected: 3.81 Affected: 3.82 Affected: 3.83 Affected: 3.84 Affected: 3.85 Affected: 3.86 Affected: 3.87 Affected: 3.88.0 |
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T19:51:53.283383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T20:10:18.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Webhook Handler"
],
"product": "Langfuse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "3.4"
},
{
"status": "affected",
"version": "3.5"
},
{
"status": "affected",
"version": "3.6"
},
{
"status": "affected",
"version": "3.7"
},
{
"status": "affected",
"version": "3.8"
},
{
"status": "affected",
"version": "3.9"
},
{
"status": "affected",
"version": "3.10"
},
{
"status": "affected",
"version": "3.11"
},
{
"status": "affected",
"version": "3.12"
},
{
"status": "affected",
"version": "3.13"
},
{
"status": "affected",
"version": "3.14"
},
{
"status": "affected",
"version": "3.15"
},
{
"status": "affected",
"version": "3.16"
},
{
"status": "affected",
"version": "3.17"
},
{
"status": "affected",
"version": "3.18"
},
{
"status": "affected",
"version": "3.19"
},
{
"status": "affected",
"version": "3.20"
},
{
"status": "affected",
"version": "3.21"
},
{
"status": "affected",
"version": "3.22"
},
{
"status": "affected",
"version": "3.23"
},
{
"status": "affected",
"version": "3.24"
},
{
"status": "affected",
"version": "3.25"
},
{
"status": "affected",
"version": "3.26"
},
{
"status": "affected",
"version": "3.27"
},
{
"status": "affected",
"version": "3.28"
},
{
"status": "affected",
"version": "3.29"
},
{
"status": "affected",
"version": "3.30"
},
{
"status": "affected",
"version": "3.31"
},
{
"status": "affected",
"version": "3.32"
},
{
"status": "affected",
"version": "3.33"
},
{
"status": "affected",
"version": "3.34"
},
{
"status": "affected",
"version": "3.35"
},
{
"status": "affected",
"version": "3.36"
},
{
"status": "affected",
"version": "3.37"
},
{
"status": "affected",
"version": "3.38"
},
{
"status": "affected",
"version": "3.39"
},
{
"status": "affected",
"version": "3.40"
},
{
"status": "affected",
"version": "3.41"
},
{
"status": "affected",
"version": "3.42"
},
{
"status": "affected",
"version": "3.43"
},
{
"status": "affected",
"version": "3.44"
},
{
"status": "affected",
"version": "3.45"
},
{
"status": "affected",
"version": "3.46"
},
{
"status": "affected",
"version": "3.47"
},
{
"status": "affected",
"version": "3.48"
},
{
"status": "affected",
"version": "3.49"
},
{
"status": "affected",
"version": "3.50"
},
{
"status": "affected",
"version": "3.51"
},
{
"status": "affected",
"version": "3.52"
},
{
"status": "affected",
"version": "3.53"
},
{
"status": "affected",
"version": "3.54"
},
{
"status": "affected",
"version": "3.55"
},
{
"status": "affected",
"version": "3.56"
},
{
"status": "affected",
"version": "3.57"
},
{
"status": "affected",
"version": "3.58"
},
{
"status": "affected",
"version": "3.59"
},
{
"status": "affected",
"version": "3.60"
},
{
"status": "affected",
"version": "3.61"
},
{
"status": "affected",
"version": "3.62"
},
{
"status": "affected",
"version": "3.63"
},
{
"status": "affected",
"version": "3.64"
},
{
"status": "affected",
"version": "3.65"
},
{
"status": "affected",
"version": "3.66"
},
{
"status": "affected",
"version": "3.67"
},
{
"status": "affected",
"version": "3.68"
},
{
"status": "affected",
"version": "3.69"
},
{
"status": "affected",
"version": "3.70"
},
{
"status": "affected",
"version": "3.71"
},
{
"status": "affected",
"version": "3.72"
},
{
"status": "affected",
"version": "3.73"
},
{
"status": "affected",
"version": "3.74"
},
{
"status": "affected",
"version": "3.75"
},
{
"status": "affected",
"version": "3.76"
},
{
"status": "affected",
"version": "3.77"
},
{
"status": "affected",
"version": "3.78"
},
{
"status": "affected",
"version": "3.79"
},
{
"status": "affected",
"version": "3.80"
},
{
"status": "affected",
"version": "3.81"
},
{
"status": "affected",
"version": "3.82"
},
{
"status": "affected",
"version": "3.83"
},
{
"status": "affected",
"version": "3.84"
},
{
"status": "affected",
"version": "3.85"
},
{
"status": "affected",
"version": "3.86"
},
{
"status": "affected",
"version": "3.87"
},
{
"status": "affected",
"version": "3.88.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "In Langfuse bis 3.88.0 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion promptChangeEventSourcing der Datei web/src/features/prompts/server/routers/promptRouter.ts der Komponente Webhook Handler. Mit der Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T22:02:09.356Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322114 | Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322114"
},
{
"name": "VDB-322114 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322114"
},
{
"name": "Submit #641128 | langfuse https://github.com/langfuse/langfuse \u003c=3.88.0 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.641128"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/langfuse/langfuse/issues/8522"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/langfuse/langfuse/issues/8522#issue-3320549867"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T14:29:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9799",
"datePublished": "2025-09-01T22:02:09.356Z",
"dateReserved": "2025-09-01T12:23:02.536Z",
"dateUpdated": "2025-09-02T20:10:18.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9799\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-09-01T22:15:31.283\",\"lastModified\":\"2025-12-02T19:04:22.443\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:langfuse:langfuse:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.88.0\",\"matchCriteriaId\":\"F5561CC2-09A8-4C6D-84CD-E804A8FBFED7\"}]}]}],\"references\":[{\"url\":\"https://github.com/langfuse/langfuse/issues/8522\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/langfuse/langfuse/issues/8522#issue-3320549867\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://vuldb.com/?ctiid.322114\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.322114\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.641128\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9799\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-02T19:51:53.283383Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-02T19:55:47.973Z\"}}], \"cna\": {\"title\": \"Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"ZAST.AI (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 2.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4.6, \"vectorString\": \"AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"Webhook Handler\"], \"product\": \"Langfuse\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\"}, {\"status\": \"affected\", \"version\": \"3.1\"}, {\"status\": \"affected\", \"version\": \"3.2\"}, {\"status\": \"affected\", \"version\": \"3.3\"}, {\"status\": \"affected\", \"version\": \"3.4\"}, {\"status\": \"affected\", \"version\": \"3.5\"}, {\"status\": \"affected\", \"version\": \"3.6\"}, {\"status\": \"affected\", \"version\": \"3.7\"}, {\"status\": \"affected\", \"version\": \"3.8\"}, {\"status\": \"affected\", \"version\": \"3.9\"}, {\"status\": \"affected\", \"version\": \"3.10\"}, {\"status\": \"affected\", \"version\": \"3.11\"}, {\"status\": \"affected\", \"version\": \"3.12\"}, {\"status\": \"affected\", \"version\": \"3.13\"}, {\"status\": \"affected\", \"version\": \"3.14\"}, {\"status\": \"affected\", \"version\": \"3.15\"}, {\"status\": \"affected\", \"version\": \"3.16\"}, {\"status\": \"affected\", \"version\": \"3.17\"}, {\"status\": \"affected\", \"version\": \"3.18\"}, {\"status\": \"affected\", \"version\": \"3.19\"}, {\"status\": \"affected\", \"version\": \"3.20\"}, {\"status\": \"affected\", \"version\": \"3.21\"}, {\"status\": \"affected\", \"version\": \"3.22\"}, {\"status\": \"affected\", \"version\": \"3.23\"}, {\"status\": \"affected\", \"version\": \"3.24\"}, {\"status\": \"affected\", \"version\": \"3.25\"}, {\"status\": \"affected\", \"version\": \"3.26\"}, {\"status\": \"affected\", \"version\": \"3.27\"}, {\"status\": \"affected\", \"version\": \"3.28\"}, {\"status\": \"affected\", \"version\": \"3.29\"}, {\"status\": \"affected\", \"version\": \"3.30\"}, {\"status\": \"affected\", \"version\": \"3.31\"}, {\"status\": \"affected\", \"version\": \"3.32\"}, {\"status\": \"affected\", \"version\": \"3.33\"}, {\"status\": \"affected\", \"version\": \"3.34\"}, {\"status\": \"affected\", \"version\": \"3.35\"}, {\"status\": \"affected\", \"version\": \"3.36\"}, {\"status\": \"affected\", \"version\": \"3.37\"}, {\"status\": \"affected\", \"version\": \"3.38\"}, {\"status\": \"affected\", \"version\": \"3.39\"}, {\"status\": \"affected\", \"version\": \"3.40\"}, {\"status\": \"affected\", \"version\": \"3.41\"}, {\"status\": \"affected\", \"version\": \"3.42\"}, {\"status\": \"affected\", \"version\": \"3.43\"}, {\"status\": \"affected\", \"version\": \"3.44\"}, {\"status\": \"affected\", \"version\": \"3.45\"}, {\"status\": \"affected\", \"version\": \"3.46\"}, {\"status\": \"affected\", \"version\": \"3.47\"}, {\"status\": \"affected\", \"version\": \"3.48\"}, {\"status\": \"affected\", \"version\": \"3.49\"}, {\"status\": \"affected\", \"version\": \"3.50\"}, {\"status\": \"affected\", \"version\": \"3.51\"}, {\"status\": \"affected\", \"version\": \"3.52\"}, {\"status\": \"affected\", \"version\": \"3.53\"}, {\"status\": \"affected\", \"version\": \"3.54\"}, {\"status\": \"affected\", \"version\": \"3.55\"}, {\"status\": \"affected\", \"version\": \"3.56\"}, {\"status\": \"affected\", \"version\": \"3.57\"}, {\"status\": \"affected\", \"version\": \"3.58\"}, {\"status\": \"affected\", \"version\": \"3.59\"}, {\"status\": \"affected\", \"version\": \"3.60\"}, {\"status\": \"affected\", \"version\": \"3.61\"}, {\"status\": \"affected\", \"version\": \"3.62\"}, {\"status\": \"affected\", \"version\": \"3.63\"}, {\"status\": \"affected\", \"version\": \"3.64\"}, {\"status\": \"affected\", \"version\": \"3.65\"}, {\"status\": \"affected\", \"version\": \"3.66\"}, {\"status\": \"affected\", \"version\": \"3.67\"}, {\"status\": \"affected\", \"version\": \"3.68\"}, {\"status\": \"affected\", \"version\": \"3.69\"}, {\"status\": \"affected\", \"version\": \"3.70\"}, {\"status\": \"affected\", \"version\": \"3.71\"}, {\"status\": \"affected\", \"version\": \"3.72\"}, {\"status\": \"affected\", \"version\": \"3.73\"}, {\"status\": \"affected\", \"version\": \"3.74\"}, {\"status\": \"affected\", \"version\": \"3.75\"}, {\"status\": \"affected\", \"version\": \"3.76\"}, {\"status\": \"affected\", \"version\": \"3.77\"}, {\"status\": \"affected\", \"version\": \"3.78\"}, {\"status\": \"affected\", \"version\": \"3.79\"}, {\"status\": \"affected\", \"version\": \"3.80\"}, {\"status\": \"affected\", \"version\": \"3.81\"}, {\"status\": \"affected\", \"version\": \"3.82\"}, {\"status\": \"affected\", \"version\": \"3.83\"}, {\"status\": \"affected\", \"version\": \"3.84\"}, {\"status\": \"affected\", \"version\": \"3.85\"}, {\"status\": \"affected\", \"version\": \"3.86\"}, {\"status\": \"affected\", \"version\": \"3.87\"}, {\"status\": \"affected\", \"version\": \"3.88.0\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-09-01T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-09-01T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-09-01T14:29:18.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.322114\", \"name\": \"VDB-322114 | Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.322114\", \"name\": \"VDB-322114 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.641128\", \"name\": \"Submit #641128 | langfuse https://github.com/langfuse/langfuse \u003c=3.88.0 SSRF\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/langfuse/langfuse/issues/8522\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/langfuse/langfuse/issues/8522#issue-3320549867\", \"tags\": [\"exploit\", \"issue-tracking\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.\"}, {\"lang\": \"de\", \"value\": \"In Langfuse bis 3.88.0 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion promptChangeEventSourcing der Datei web/src/features/prompts/server/routers/promptRouter.ts der Komponente Webhook Handler. Mit der Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff l\\u00e4sst sich \\u00fcber das Netzwerk starten. Die Komplexit\\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\\u00f6ffentlicht und kann verwendet werden.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"Server-Side Request Forgery\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-09-01T22:02:09.356Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9799\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-02T20:10:18.439Z\", \"dateReserved\": \"2025-09-01T12:23:02.536Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-09-01T22:02:09.356Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…