CVE-2025-45691

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-45691

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45691.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-45691

Aliases

GHSA-v2xr-wvrv-p969

Published

2026-03-05T19:16:00.027Z

Modified

2026-03-15T22:51:10.853139Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

References

Affected packages

Git / github.com/vibrantlabsai/ragas

Affected ranges

Type

GIT

Repo

https://github.com/vibrantlabsai/ragas

Events

Introduced

e7987e5634896e62453bab0bf043b270b3faf15e

Last affected

414a518613d15341bbafaf2b8d630ce59db6af97

Database specific

{
    "versions": [
        {
            "introduced": "0.2.3"
        },
        {
            "last_affected": "0.2.14"
        }
    ]
}

Affected versions

v0.*

v0.2.10

v0.2.11

v0.2.12

v0.2.13

v0.2.14

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.2.8

v0.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45691.json"