CVE-2025-9799

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-9799

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9799.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9799

Published

2025-09-01T22:15:31.283Z

Modified

2026-04-10T05:36:47.206372Z

Severity

1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.

References

Affected packages

Git / github.com/langfuse/langfuse

Affected ranges

Type

GIT

Repo

https://github.com/langfuse/langfuse

Events

Introduced

Last affected

e07120b16361c6a3417addb12a0440a8dd204c64

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.88.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.0-rc.2

v1.*

v1.0.1

v1.1.0

v1.10.0

v1.11.0

v1.11.1

v1.12.0

v1.13.0

v1.13.2

v1.13.3

v1.14.0

v1.15.0

v1.15.1

v1.16.0

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.18.0

v1.18.1

v1.19.0

v1.19.1

v1.19.2

v1.19.3

v1.19.4

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.24.1

v1.24.2

v1.25.0

v1.26.0

v1.27.0

v1.27.1

v1.27.2

v1.27.3

v1.28.0

v1.28.1

v1.29.0

v1.3.0

v1.30.0

v1.30.1

v1.31.0

v1.31.1

v1.31.2

v1.31.3

v1.31.4

v1.32.0

v1.32.1

v1.32.2

v1.32.3

v1.33.0

v1.33.1

v1.33.10

v1.33.2

v1.33.3

v1.33.5

v1.33.6

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.6.0

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v1.9.2

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.10.1

v2.10.10

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.10.8

v2.10.9

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.12.0

v2.12.1

v2.13.0

v2.13.1

v2.14.0

v2.14.1

v2.14.2

v2.14.3

v2.14.4

v2.14.5

v2.14.6

v2.15.0

v2.15.1

v2.15.2

v2.15.3

v2.15.4

v2.15.5

v2.16.0

v2.16.1

v2.16.2

v2.17.0

v2.18.0

v2.18.1

v2.19.0

v2.19.1

v2.2.0

v2.20.0

v2.21.0

v2.21.1

v2.21.2

v2.22.0

v2.23.0

v2.24.0

v2.24.1

v2.25.0

v2.25.1

v2.26.0

v2.26.1

v2.27.0

v2.28.0

v2.29.0

v2.29.1

v2.29.2

v2.3.0

v2.30.0

v2.30.1

v2.30.2

v2.31.0

v2.32.0

v2.33.0

v2.34.0

v2.35.0

v2.36.0

v2.36.1

v2.37.0

v2.37.1

v2.37.2

v2.37.3

v2.38.0

v2.38.1

v2.38.2

v2.39.0

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.40.0

v2.41.0

v2.41.1

v2.42.0

v2.43.0

v2.43.1

v2.43.2

v2.44.0

v2.45.0

v2.45.1

v2.46.0

v2.47.0

v2.47.1

v2.47.2

v2.47.3

v2.47.4

v2.47.5

v2.47.6

v2.47.7

v2.48.0

v2.48.1

v2.49.0

v2.49.1

v2.49.2

v2.5.0

v2.5.1

v2.50.0

v2.51.0

v2.52.0

v2.52.1

v2.53.0

v2.54.0

v2.55.0

v2.55.1

v2.56.0

v2.56.1

v2.57.0

v2.58.0

v2.59.0

v2.59.1

v2.6.0

v2.60.0

v2.60.1

v2.60.2

v2.60.3

v2.60.4

v2.61.0

v2.61.1

v2.62.0

v2.63.0

v2.63.1

v2.64.0

v2.65.0

v2.65.1

v2.66.0

v2.67.0

v2.68.0

v2.69.0

v2.7.0

v2.7.1

v2.7.2

v2.70.0

v2.70.1

v2.71.0

v2.72.0

v2.73.0

v2.74.0

v2.75.0

v2.75.1

v2.75.2

v2.76.0

v2.77.0

v2.78.0

v2.79.0

v2.8.0

v2.80.0

v2.81.0

v2.81.1

v2.81.2

v2.82.0

v2.83.0

v2.83.1

v2.84.0

v2.84.1

v2.85.0

v2.85.1

v2.86.0

v2.87.0

v2.88.0

v2.89.0

v2.9.0

v2.9.1

v2.90.0

v2.90.1

v2.91.0

v2.92.0

v2.93.0

v3.*

v3.0.0

v3.0.0-rc.1

v3.0.0-rc.2

v3.0.0-rc.3

v3.0.0-rc.4

v3.0.0-rc.5

v3.0.0-rc.6

v3.1.0

v3.1.1

v3.10.0

v3.11.0

v3.11.1

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.17.1

v3.18.0

v3.19.0

v3.2.0

v3.20.0

v3.21.0

v3.22.0

v3.23.0

v3.24.0

v3.24.1

v3.25.0

v3.26.0

v3.27.0

v3.27.1

v3.27.2

v3.28.0

v3.28.1

v3.28.3

v3.29.0

v3.29.1

v3.3.0

v3.30.0

v3.31.0

v3.32.0

v3.32.1

v3.33.0

v3.33.1

v3.34.0

v3.34.1

v3.35.0

v3.35.1

v3.36.0

v3.37.0

v3.38.0

v3.39.0

v3.4.0

v3.40.0

v3.41.0

v3.41.1

v3.42.0

v3.42.1

v3.43.0

v3.44.0

v3.45.0

v3.45.1

v3.45.2

v3.46.0

v3.47.0

v3.48.0

v3.48.1

v3.49.0

v3.49.1

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.50.0

v3.51.0

v3.51.1

v3.51.2

v3.52.0

v3.53.0

v3.54.0

v3.54.1

v3.55.0

v3.56.0

v3.57.0

v3.57.1

v3.57.2

v3.58.0

v3.59.0

v3.59.1

v3.6.0

v3.6.1

v3.6.2

v3.60.0

v3.60.1

v3.61.0

v3.62.0

v3.62.1

v3.63.0

v3.63.1

v3.64.0

v3.65.0

v3.65.1

v3.65.2

v3.65.3

v3.66.0

v3.66.1

v3.67.0

v3.68.0

v3.69.0

v3.7.0

v3.7.1

v3.70.0

v3.71.0

v3.72.0

v3.72.1

v3.73.0

v3.73.1

v3.74.0

v3.75.0

v3.75.1

v3.75.2

v3.75.3

v3.75.4

v3.76.0

v3.77.0

v3.78.0

v3.78.1

v3.78.2

v3.79.0

v3.79.1

v3.8.0

v3.80.0

v3.80.1

v3.81.0

v3.81.1

v3.82.0

v3.83.0

v3.84.0

v3.85.0

v3.85.1

v3.85.2

v3.86.0

v3.86.1

v3.87.0

v3.87.1

v3.88.0

v3.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9799.json"