CVE-2025-27135

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py	Product
https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq	Vendor Advisory
https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4	Exploit
https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-02-25 19:15

Updated : 2025-04-22 12:57

NVD link : CVE-2025-27135

Mitre link : CVE-2025-27135

CVE.ORG link : CVE-2025-27135

JSON object : View

Products Affected

infiniflow

ragflow

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-27135", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-25T19:15:15.677", "references": [{"url": "https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available."}, {"lang": "es", "value": "RAGFlow es un motor RAG (Retrieval-Augmented Generation) de c\u00f3digo abierto. Las versiones 0.15.1 y anteriores son vulnerables a la inyecci\u00f3n SQL. El componente ExeSQL extrae la sentencia SQL de la entrada y la env\u00eda directamente a la consulta de la base de datos. En el momento de la publicaci\u00f3n, no hay ninguna versi\u00f3n parcheada disponible."}], "lastModified": "2025-04-22T12:57:00.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70DE6CAB-1BCE-4542-80B3-C811349771F4", "versionEndIncluding": "0.15.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}