PT-2025-49320 · Unknown · Xerrors Yuxi-Know

Din4 · Published 2025-12-05 · Updated 2025-12-06 · CVE-2025-14116

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: xerrors Yuxi-Know versions up to 0.4.0

Description: A server-side request forgery condition exists in the OtherEmbedding.aencode function within the /src/models/embed.py file. Manipulation of the health url argument can trigger this issue, allowing for remote exploitation. The vendor has confirmed the vulnerability and implemented security measures including disabling URL parsing, URL upload mode, and URL-to-markdown conversion. The exploit is publicly available.

Recommendations: Deploy the patch 0ff771dc1933d5a6b78f804115e78a7d8625c3f3.

Related Identifiers: CVE-2025-14116

Affected Products: Xerrors Yuxi-Know