Description

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

PUBLISHED Reserved 2025-04-22 | Published 2026-03-05 | Updated 2026-03-06 | Assigner mitre

References

adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability

github.com/explodinggradients/ragas/pull/1559

github.com/...0cc811d/src/ragas/prompt/multi_modal_prompt.py

github.com/vibrantlabsai/ragas/pull/1991

cve.org (CVE-2025-45691)

nvd.nist.gov (CVE-2025-45691)
