CVE-2025-48187 – RAGFlow Authentication Bypass

CVE ID : CVE-2025-48187

Published : May 17, 2025, 1:15 p.m. | 1 hour, 49 minutes ago

Description : RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2025-4831 – TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-4832 – TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-4833 – TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-4827 – TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow