PT-2026-23468 · Exploding Gradients · Ragas
Published: 2026-03-05 · Updated: 2026-03-10
CVE-2025-45691
CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Name of the Vulnerable Software and Affected Versions
Exploding Gradients RAGAS versions 0.2.3 through 0.2.14
Description
An arbitrary file read issue exists in the ImageTextPromptValue class. This is due to insufficient validation and sanitization of URLs provided in the retrieved contexts parameter when processing multimodal inputs.
Recommendations
Update to a version of Exploding Gradients RAGAS newer than 0.2.14.
Exploit
Fix
SSRF
Path traversal
Allocation of Resources Without Limits
Affected Products
Ragas