CVE-2025-48187

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/infiniflow/ragflow/commits/main/	Patch
https://www.cnblogs.com/qiushuo/p/18881084	Exploit
https://www.cnblogs.com/qiushuo/p/18881084	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*

History

12 Jun 2025, 16:29

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-17 13:15

Updated : 2025-06-12 16:29

NVD link : CVE-2025-48187

Mitre link : CVE-2025-48187

CVE.ORG link : CVE-2025-48187

JSON object : View

Products Affected

infiniflow

ragflow

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

NVD-CWE-noinfo

{"id": "CVE-2025-48187", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-05-17T13:15:47.750", "references": [{"url": "https://github.com/infiniflow/ragflow/commits/main/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://www.cnblogs.com/qiushuo/p/18881084", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.cnblogs.com/qiushuo/p/18881084", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-307"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting."}, {"lang": "es", "value": "RAGFlow, hasta la versi\u00f3n 0.18.1, permite el robo de cuentas, ya que es posible realizar ataques de fuerza bruta contra c\u00f3digos de verificaci\u00f3n de correo electr\u00f3nico para realizar registros, inicios de sesi\u00f3n y restablecimientos de contrase\u00f1a arbitrarios. Los c\u00f3digos tienen seis d\u00edgitos y no tienen l\u00edmite de velocidad."}], "lastModified": "2025-06-12T16:29:12.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DBC5B6A-6597-43FA-8B39-591F0DF844D2", "versionEndIncluding": "0.18.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}