CVE-2025-27135
Severity: CRITICAL
RAGFlow < 0.15.1 - SQL Injection via ExeSQL Component
Title source: llmDescription (auto-generated title; note it says "< 0.15.1", whereas the description below and the referenced source file at tag v0.15.1 indicate that 0.15.1 itself is affected)
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection (CWE-89): the ExeSQL agent component extracts the SQL statement from its input text and sends it directly to the database query, so whoever controls that input controls the statement executed against the connected database. As of the time of publication, no patched version is available.
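The extract-then-execute pattern the advisory describes, shown beside a hardened variant, as an added example. This is illustrative code written for this page, not RAGFlow's exesql.py: the schema, the `extract_sql` regex, the attacker-controlled text and the helper names (`run_vulnerable`, `run_hardened`, `install_read_only`) are all constructed, and the read-only enforcement uses SQLite's authorizer, which is specific to SQLite. It assumes the input text arrives from something the attacker can influence (for example an upstream LLM output steered by prompt injection); the page does not describe the exact input path.

```python
import re
import sqlite3

# Constructed demo schema (not RAGFlow's): stands in for the database the agent queries.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, email TEXT);"
        "INSERT INTO customers VALUES (1, 'alice', 'alice@example.com'),"
        "                             (2, 'bob', 'bob@example.com');"
    )
    return conn

def extract_sql(text: str) -> str:
    """Pull the SQL out of free-form (LLM- or user-supplied) text.
    Hypothetical simplification of the extract-then-execute pattern the
    advisory describes; not the project's own extraction logic."""
    m = re.search(r"(SELECT\b.*)", text, flags=re.IGNORECASE | re.DOTALL)
    return m.group(1).strip() if m else ""

def run_vulnerable(conn: sqlite3.Connection, text: str) -> list:
    """Injection sink: every statement found in the input is executed as-is."""
    sql = extract_sql(text)
    if not sql:
        raise ValueError("SQL statement not found")
    cur = conn.cursor()
    out = []
    for stmt in (s.strip() for s in sql.split(";") if s.strip()):
        cur.execute(stmt)  # DELETE / DROP / UPDATE go through unchanged
        out.append(cur.fetchall())
    conn.commit()
    return out

# --- hardened variant -------------------------------------------------------

WRITE_OR_DDL = re.compile(
    r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|REPLACE|ATTACH|DETACH|PRAGMA|VACUUM|REINDEX)\b",
    re.IGNORECASE,
)

def install_read_only(conn: sqlite3.Connection) -> None:
    """Defence in depth: SQLite's authorizer refuses anything but reads, whatever
    the text filter lets through. With MySQL/PostgreSQL the equivalent control is
    a dedicated read-only database role for the agent's connection."""
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

    def authorize(action, arg1, arg2, dbname, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorize)

def run_hardened(conn: sqlite3.Connection, text: str, max_rows: int = 100) -> list:
    """Accept exactly one SELECT, bounded in size, on a read-only connection."""
    sql = extract_sql(text)
    if not sql:
        raise ValueError("SQL statement not found")
    stmt = sql.rstrip().rstrip(";").strip()  # tolerate a single trailing ';'
    if ";" in stmt:  # stacked statements rejected (also rejects ';' inside literals; acceptable here)
        raise ValueError("multiple statements rejected")
    if not stmt.upper().startswith("SELECT") or WRITE_OR_DDL.search(stmt):
        raise ValueError("only a single read-only SELECT is allowed")
    install_read_only(conn)
    cur = conn.cursor()
    cur.execute(stmt)
    return cur.fetchmany(max_rows)

def write_is_blocked(conn: sqlite3.Connection) -> bool:
    """True if the connection's authorizer refuses a DELETE."""
    try:
        conn.execute("DELETE FROM customers")
    except sqlite3.Error:
        return True
    return False

def demo() -> dict:
    # Constructed attacker-controlled text: a stacked query hidden after a plausible SELECT.
    attack = ("Here is the query you asked for: SELECT name FROM customers; "
              "DELETE FROM customers; SELECT count(*) FROM customers")
    db = make_db()
    vuln_rows = run_vulnerable(db, attack)  # the DELETE runs; the final count is 0
    db = make_db()
    try:
        run_hardened(db, attack)
        rejected = False
    except ValueError:
        rejected = True
    rows_left = db.execute("SELECT count(*) FROM customers").fetchone()[0]
    benign = run_hardened(db, "SELECT name FROM customers WHERE id = 1;")
    return {
        "vulnerable_final_count": vuln_rows[-1][0][0],
        "hardened_rejected": rejected,
        "rows_left": rows_left,
        "benign": benign,
        "write_blocked": write_is_blocked(db),
    }

if __name__ == "__main__":
    print(demo())
```

The keyword denylist alone is brittle (it is easy to miss a dialect-specific write path, and it false-positives on identifiers), which is why the example treats the read-only connection as the control that actually matters and the text checks as a way to fail early with a useful error. Bounding the result set also limits how much data a successful read-only injection can exfiltrate in one call.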
References
Vendor Advisory (GitHub Security Advisory):
https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq
Product (affected source file, at tag v0.15.1):
https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py
Exploit (proof-of-concept write-up):
https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4
Scores
CVSS v3.1 Base Score: 9.8 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (network-reachable, low attack complexity, no privileges or user interaction required; high impact on confidentiality, integrity and availability)
Attack Vector: NETWORK
EPSS: 0.0057 (0.57% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile: 43.1%
CISA SSVC (Vulnrichment)
Exploitation: poc (a public proof of concept exists)
Automatable: yes
Technical Impact: total
Details
CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
Status: published
Products (1)
infiniflow/ragflow < 0.15.1 (range as listed on this page; the description above says 0.15.1 and prior)
Published: Feb 25, 2025
Tracked Since: Feb 18, 2026