CNNVD-202511-2615 Information

CNNVD ID

CNNVD-202511-2615

CVE-2025-63914

  • CNNVD Published: 2025-11-24

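Description (translated from Chinese)

Cinnamon kotaemon is an open-source RAG-based tool from Cinnamon. Cinnamon kotaemon version 0.11.0 contains a security vulnerability that stems from the `_may_extract_zip` function not checking the contents of ZIP files, which may lead to resource exhaustion.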

Description (English)

Cinnamon Kotaemon is a RAG-based open-source tool from Cinnamon. Cinnamon Kotaemon version 0.11.0 contains a security vulnerability: the `_may_extract_zip` function does not check the contents of ZIP files, which may lead to resource exhaustion.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Cinnamon

Published

2025-11-24

Last Modified

2026-02-24

References

  • https://github.com/Cinnamon/kotaemon
  • https://github.com/WxDou/CVE-2025-63914
  • https://access.redhat.com/security/cve/cve-2025-63914

Patch

https://cinnamon.github.io/kotaemon/
