CNNVD-202509-028 Information

CNNVD ID

CNNVD-202509-028

CVE-2025-9799

  • CNNVD Published: 2025-09-01

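Description (translated from Chinese)

langfuse is an open-source large language model engineering platform from Langfuse. langfuse 3.88.0 and earlier versions contain a code issue vulnerability, which stems from improper handling in the function promptChangeEventSourcing in the file web/src/features/prompts/server/routers/promptRouter.ts and leads to server-side request forgery.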

Description (English)

langfuse is an open-source large language model (LLM) engineering platform developed by Langfuse. Versions 3.88.0 and earlier contain a code issue vulnerability: improper handling in the function promptChangeEventSourcing in the file web/src/features/prompts/server/routers/promptRouter.ts results in server-side request forgery (SSRF).

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Langfuse

Published

2025-09-01

Last Modified

2026-02-24

References

  • https://vuldb.com/?submit.641128
  • https://vuldb.com/?id.322114
  • https://vuldb.com/?ctiid.322114
  • https://github.com/langfuse/langfuse/issues/8522#issue-3320549867
  • https://access.redhat.com/security/cve/cve-2025-9799
  • https://nvd.nist.gov/vuln/detail/CVE-2025-9799

Patch

https://langfuse.com/
