PT-2025-20641 · Unknown · Zylon Privategpt

Gavin Zhong +1

Published 2025-05-10 · Updated 2025-05-10 · CVE-2025-4515

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zylon PrivateGPT versions up to 0.6.2
Description: A problematic issue was found in Zylon PrivateGPT. The affected component is the CORS configuration in the file settings.yaml: setting the allow origins argument to a wildcard or to untrusted domains yields a permissive cross-domain policy, so a page served from an untrusted origin can make cross-origin requests to the PrivateGPT API from a victim's browser and read the responses. The attack can be initiated remotely; it needs no privileges on the PrivateGPT instance (PR:N) but requires the victim to open the attacker's page (UI:R), and it affects confidentiality only (C:H).
Recommendations: For Zylon PrivateGPT versions up to 0.6.2, as a temporary workaround, restrict the allow origins argument in settings.yaml to the exact trusted origins (scheme, host and port) rather than a wildcard until a patch is available. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
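The following is an added example, not code from this advisory or from the Zylon PrivateGPT project. It models the origin decision a CORS layer makes for a request from an untrusted origin under a wildcard setting versus an exact allowlist, with and without credentials, and audits a settings value before it is deployed. The settings dictionaries and their key names (allow_origins, allow_credentials) are constructed assumptions standing in for the allow origins argument in settings.yaml; the origins and the attacker page are made up for the demonstration.

```python
"""Added example (not from the advisory or the PrivateGPT project): model a
CORS origin decision and audit an allow-origins setting before deployment."""
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed settings standing in for the allow origins argument in
# settings.yaml. The key names are assumptions, not the project's own.
PERMISSIVE_SETTINGS = {"allow_origins": ["*"], "allow_credentials": True}
RESTRICTED_SETTINGS = {
    "allow_origins": ["https://app.example.com", "https://admin.example.com:8443"],
    "allow_credentials": True,
}


def normalize_origin(origin: str) -> Optional[str]:
    """Canonicalise a browser Origin value: lowercase scheme and host, drop
    the default port. Returns None for anything that is not a bare
    scheme://host[:port] origin, including "null" and values with a path."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    if port is None or port == default_port:
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{port}"


def cors_decision(settings: Dict, request_origin: str) -> Optional[Dict[str, str]]:
    """Return the CORS response headers a server with these settings would
    emit for a request carrying the given Origin, or None to deny."""
    allowed: List[str] = settings.get("allow_origins", [])
    with_credentials = bool(settings.get("allow_credentials", False))
    if "*" in allowed:
        if with_credentials:
            # Browsers refuse "*" together with credentials, so a wildcard
            # deployment that also allows credentials has to echo the
            # caller's origin: any site then reads authenticated responses.
            return {
                "Access-Control-Allow-Origin": request_origin,
                "Access-Control-Allow-Credentials": "true",
            }
        # Unauthenticated responses are readable by every origin.
        return {"Access-Control-Allow-Origin": "*"}
    requested = normalize_origin(request_origin)
    if requested is None:
        return None
    # Exact match on the canonical origin: no substring or suffix tricks.
    allow_set = {normalize_origin(a) for a in allowed} - {None}
    if requested not in allow_set:
        return None
    headers = {"Access-Control-Allow-Origin": requested, "Vary": "Origin"}
    if with_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def audit_settings(settings: Dict) -> List[str]:
    """Flag allow-origins values that yield a permissive cross-domain policy."""
    findings: List[str] = []
    allowed: List[str] = settings.get("allow_origins", [])
    with_credentials = bool(settings.get("allow_credentials", False))
    if "*" in allowed:
        findings.append("wildcard origin: any website can read API responses")
        if with_credentials:
            findings.append("wildcard with credentials: cross-site reads of authenticated responses")
    for entry in allowed:
        if entry == "*":
            continue
        if normalize_origin(entry) is None:
            findings.append(f"entry is not a bare origin: {entry!r}")
        elif entry.lower().startswith("http://"):
            findings.append(f"plaintext origin can be spoofed on-path: {entry}")
    return findings


if __name__ == "__main__":
    # Constructed probe: a page on an untrusted origin calling the API.
    attacker = "https://attacker.example"
    for name, cfg in (("permissive", PERMISSIVE_SETTINGS), ("restricted", RESTRICTED_SETTINGS)):
        print(name, cors_decision(cfg, attacker), audit_settings(cfg))
```

Run it as a script to see the two settings side by side: the permissive one answers the attacker's origin with an echoed Access-Control-Allow-Origin and credentials allowed, the restricted one denies it while still admitting a case-variant or default-port spelling of a listed origin. The audit function is the check to run over a proposed settings value before restarting the service.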

Exploit

Weakness Enumeration: Origin Validation Error

Related Identifiers: CVE-2025-4515

Affected Products: Zylon PrivateGPT