PT-2025-54459 · Ragflow · Ragflow

Published

2025-12-31

·

Updated

2026-01-06

·

CVE-2025-68700

CVSS v4.0

9.4

Critical

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

RAGFlow versions prior to 0.23.0

Description

RAGFlow is a Retrieval-Augmented Generation engine. Versions prior to 0.23.0 allow a low-privileged authenticated user to execute arbitrary code and system commands in the server host process. The Canvas CodeExec component runs user-supplied code inside a sandbox and then passes the sandbox's standard output to eval() in the host process, without filtering or safe parsing, in order to convert the string result into a Python object. Because the user controls what the sandboxed code prints, the user controls the string the host evaluates, so the sandbox isolation is bypassed and attacker-controlled Python (including OS command execution) runs on the host. Additional API endpoints lack access control or have incorrect permission logic, which further increases the attack surface.

Recommendations

Update to version 0.23.0 or later.
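The following is an added illustration of the bug class described above, not RAGFlow's own code: a host-side "convert sandbox stdout to a Python object" step written the vulnerable way with eval(), next to a hardened version that accepts only Python literals via ast.literal_eval(). The function names and the two sample stdout strings are constructed for the example; the malicious sample calls os.getpid() on the host so the effect is observable without doing harm, where a real payload would spawn a shell.

```python
import ast
import os

# Constructed sample: the kind of result a benign sandboxed program prints.
BENIGN_STDOUT = "{'answer': 42, 'tags': ['a', 'b']}"

# Constructed sample: attacker-controlled stdout. The attacker's sandboxed code
# only needs to print this string; the host then evaluates it. A real payload
# would use e.g. __import__('os').system(...) to run commands on the host.
MALICIOUS_STDOUT = "__import__('os').getpid()"


def convert_unsafe(stdout: str):
    """Vulnerable pattern (as in the advisory): eval() on sandbox output.

    eval() resolves names, attribute access and calls, so any expression the
    sandbox prints is executed with the privileges of the host process.
    """
    return eval(stdout)  # deliberately vulnerable, for demonstration only


def convert_safe(stdout: str):
    """Hardened pattern (assumed remediation for this example, not RAGFlow's fix).

    ast.literal_eval() only accepts literals (numbers, strings, tuples, lists,
    dicts, sets, booleans, None). Names, calls and attribute access are rejected
    with ValueError, and malformed input raises SyntaxError. On rejection the raw
    string is returned unchanged instead of being executed.
    """
    try:
        return True, ast.literal_eval(stdout.strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return False, stdout


def host_code_executed() -> bool:
    """True if the vulnerable converter ran the payload in this (host) process."""
    return convert_unsafe(MALICIOUS_STDOUT) == os.getpid()


if __name__ == "__main__":
    print("unsafe ran host code:", host_code_executed())
    print("safe, benign input  :", convert_safe(BENIGN_STDOUT))
    print("safe, malicious input:", convert_safe(MALICIOUS_STDOUT))
```

When reviewing similar code, grep for eval() applied to anything read from a subprocess, a container, a network socket or a file; the sandbox boundary is only as strong as the parser the host uses on the sandbox's output.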

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-68700
GHSA-8XW3-V6C2-J84J

Affected Products

Ragflow