Vulnerabilities

CVE-2025-68700 - RAGFlow Remote Code Execution Vulnerability

2026-01-01 0 views admin
CVE-2025-68700 - RAGFlow Remote Code Execution Vulnerability

CVE ID : CVE-2025-68700 Published : Dec. 31, 2025, 10:15 p.m. | 59 minutes ago Description : RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox isolation. This occurs because untrusted data (stdout) is parsed using eval() with no filtering or sandboxing. The intended design was to

CVE Details

Severity
LOW
Published
Dec. 31, 2025

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-68700low

More from Vulnerabilities

CVE-2025-69412 - KDE Messagelib SSL Validation Bypass

CVE-2025-69412 - KDE Messagelib SSL Validation Bypass

2026-01-01 0
CVE-2023-7331 - PKrystian Full-Stack-Bank User sql injection

CVE-2023-7331 - PKrystian Full-Stack-Bank User sql injection

2026-01-01 0
CVE-2025-67703 - Stored XSS vulnerability in ArcGIS Server.

CVE-2025-67703 - Stored XSS vulnerability in ArcGIS Server.

2026-01-01 0
CVE-2025-67704 - Stored XSS vulnerability in ArcGIS Server.

CVE-2025-67704 - Stored XSS vulnerability in ArcGIS Server.

2026-01-01 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views