CNNVD-202508-054 Information
Aug 01, 2025
cve
CNNVD ID
CNNVD-202508-054
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
LangChain-ChatGLM-Webui是X-D Lab开源的一个基于针对本地知识库的自动问答AI。 LangChain-ChatGLM-Webui ef829版本存在安全漏洞,该漏洞源于不安全权限允许攻击者通过特制请求查看和下载敏感文件。
Description (English)
Langchain-ChatGM-Webui is an automatic question-and-answer AI based on an open source of X-D Lab based on a local knowledge base. The Langchain-ChatGLM-Webui ef829 version has a security loophole, which stems from the insecurity of access allowing the attackers to request access to and download sensitive documents through a special design.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
X-D Lab
Published
2025-08-01
Last Modified
2026-02-24
References
http://langchain-chatglm-webui.com https://gist.github.com/ycshao12/69a48551cc6c9cc69153d137afe9ecef https://github.com/X-D-Lab/LangChain-ChatGLM-Webui https://access.redhat.com/security/cve/cve-2025-45150
Share on: