PT-2025-39319 · Langfuse · Langfuse
Published: 2025-09-24 · Updated: 2026-01-28
CVE-2025-59305
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Langfuse versions prior to d67b317
Description
An improper authorization issue exists in the background migration endpoints of Langfuse. Any authenticated user can invoke migration control functions, potentially leading to data corruption or denial of service. This is due to unauthorized access to tRPC endpoints, including backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.
Recommendations
Versions prior to d67b317 should be updated to d67b317 or later.
DoS
Improper Authorization
Affected Products
Langfuse