CVE-2025-45691

{"id": "CVE-2025-45691", "cveTags": [], "metrics": {}, "published": "2026-03-05T19:16:00.027", "references": [{"url": "https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability", "source": "[email protected]"}, {"url": "https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202", "source": "[email protected]"}, {"url": "https://github.com/explodinggradients/ragas/pull/1559", "source": "[email protected]"}, {"url": "https://github.com/vibrantlabsai/ragas/pull/1991", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs."}], "lastModified": "2026-03-05T19:38:33.877", "sourceIdentifier": "[email protected]"}