CNNVD-202509-3802 Information

CNNVD ID

CNNVD-202509-3802

CVE-2025-59305

  • CNNVD Published: 2025-09-24

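Description (translated from Chinese)

langfuse is an open-source large language model engineering platform from Langfuse. langfuse contains a security vulnerability caused by improper authorization on the background migration endpoint, which may lead to data corruption or denial-of-service attacks.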

Description (English)

langfuse is an open-source large language model engineering platform developed by Langfuse. It contains a security vulnerability that stems from improper authorization of the background migration endpoint, which may lead to data corruption or denial-of-service attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Langfuse

Published

2025-09-24

Last Modified

2026-02-24

References

https://depthfirst.webflow.io/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study
https://github.com/langfuse/langfuse/pull/9028
https://access.redhat.com/security/cve/cve-2025-59305

Patch

https://github.com/langfuse/langfuse/releases
