PT-2025-30197 · Onyx · Onyx

Aibot888 · Published 2025-07-20 · Updated 2025-07-20 · CVE-2025-7894

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Onyx versions up to 0.29.1

Description: A critical issue has been identified in Onyx, potentially allowing for SQL injection. This occurs through manipulation of the generate_simple_sql function within the backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py file of the Chat Interface component. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations: Versions prior to 0.29.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-7894

Affected Products: Onyx