CNNVD-202506-3593 Information
CNNVD ID
CNNVD-202506-3593
Related CVE
- CNNVD Published: 2025-06-27
Description (Chinese)
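LightRAG is a retrieval-augmented generation application from HKU University in China. LightRAG 1.3.8 and earlier versions contain a path traversal vulnerability, which stems from improper handling of the parameter file.filename in the file lightrag/api/routers/document_routes.py, leading to path traversal.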
Description (English)
LightRAG is a retrieval-augmented generation application from HKU University in China. Versions 1.3.8 and earlier are affected by a path traversal vulnerability: the file.filename parameter in lightrag/api/routers/document_routes.py is handled incorrectly, which leads to path traversal.
Hazard Level
High
Vulnerability Type
Path traversal
Published
2025-06-27
Last Modified
2026-02-24
References
https://github.com/HKUDS/LightRAG/commit/60777d535b719631680bcf5d0969bdef79ca4eaf
https://github.com/HKUDS/LightRAG/issues/1692
https://github.com/HKUDS/LightRAG/issues/1692#issuecomment-3009368235
https://vuldb.com/?ctiid.314089
https://vuldb.com/?id.314089
https://vuldb.com/?submit.601276
https://access.redhat.com/security/cve/cve-2025-6773
Patch
https://github.com/HKUDS/LightRAG/releases