CVE-2025-45691
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerabil
CVSS
7.5
High
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Published: Mar 5, 2026 · Last modified: Jul 15, 2026 · CWE-22 · CWE-918
0.5%EPSS · 30 days0.5%
2026-06-302026-07-17
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
- adithyanak.comhttps://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability
- github.comhttps://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202
- github.comhttps://github.com/explodinggradients/ragas/pull/1559
- github.comhttps://github.com/vibrantlabsai/ragas/pull/1991
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-45691
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2444875
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45691.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-389507.5 HIG99.7%
KEV—80ZKTeco BioTime Path Traversal Vulnerability9dCVE-2026-202308.6 HIG98.5%
KEV—80Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability17dCVE-2026-4828210.0 CRI97.9%
KEV—79Adobe ColdFusion Path Traversal Vulnerability10dCVE-2026-1540910.0 CRI66.5%
KEV—70SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability2dCVE-2020-248819.8 CRI99.4%
——30SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.8dCVE-2026-445788.6 HIG98.4%
——30Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.2d