CNNVD-202511-2425 Information

CNNVD ID

CNNVD-202511-2425

CVE-2025-65107

  • CNNVD Published: 2025-11-21

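Description (translated from Chinese)

langfuse is an open-source large language model engineering platform from Langfuse. langfuse versions from 2.95.0 up to, but not including, 2.95.12 and from 3.17.0 up to, but not including, 3.131.0 contain a cross-site request forgery vulnerability. The vulnerability stems from improper SSO configuration and may lead to account takeover.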

Description (English)

langfuse is an open-source large language model (LLM) engineering platform developed by Langfuse. Versions 2.95.0 to before 2.95.12 and 3.17.0 to before 3.131.0 are affected by a cross-site request forgery (CSRF) vulnerability caused by improper SSO configuration, which may lead to account takeover.

Hazard Level

High

Vulnerability Type

Cross-Site Request Forgery (CSRF)

Affected Vendor

Langfuse

Published

2025-11-21

Last Modified

2026-02-24

References

  • https://github.com/langfuse/langfuse/security/advisories/GHSA-w9pw-c549-5m6w
  • https://access.redhat.com/security/cve/cve-2025-65107

Patch

https://github.com/langfuse/langfuse/releases
