FKIE_CVE-2025-27518

Vulnerability from fkie_nvd - Published: 2025-03-07 16:15 - Updated: 2025-03-07 16:15
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.
References
security-advisories@github.comhttps://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15
security-advisories@github.comhttps://github.com/truefoundry/cognita/pull/424
security-advisories@github.comhttps://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15."
    },
    {
      "lang": "es",
      "value": "Cognita es un framework RAG (Retrieval Augmented Generation) para crear aplicaciones modulares de c\u00f3digo abierto para producci\u00f3n de TrueFoundry. Una configuraci\u00f3n CORS insegura en el servidor backend de Cognita permite que sitios web arbitrarios env\u00eden solicitudes entre sitios a la aplicaci\u00f3n. Esta vulnerabilidad se corrigi\u00f3 en la confirmaci\u00f3n 75079c3d3cf376381489b9a82ee46c69024e1a15."
    }
  ],
  "id": "CVE-2025-27518",
  "lastModified": "2025-03-07T16:15:39.187",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-07T16:15:39.187",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/truefoundry/cognita/pull/424"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.