CVE-2025-27135
Published: 25 February 2025
Summary
CVE-2025-27135 is a critical-severity SQL Injection (CWE-89) vulnerability in Infiniflow Ragflow. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 38.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly mitigates SQL injection in the ExeSQL component by requiring validation of inputs before direct execution on the database.
- SI-2 (Flaw Remediation): Establishes processes to identify, patch, or mitigate the SQL injection flaw in RAGFlow versions 0.15.1 and prior.
- Restricts and scans inputs to the ExeSQL component to block malicious SQL statements from being processed.
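As an added illustration of the SI-10 control above (example code written for this page, not RAGFlow's ExeSQL implementation), the following Python guard accepts an LLM- or user-supplied SQL string only if it is a single read-only query, and then runs it on a SQLite connection whose authorizer hook refuses anything but reads at the engine level. The `documents` table and its rows are constructed sample data, and every function name here is this example's own assumption.

```python
import re
import sqlite3
from typing import Any, List, Optional, Tuple

# Layer 1: a conservative textual check so that only one read-only query
# reaches the database. Rejecting on any ';' or write keyword (even inside a
# string literal) is a deliberate trade-off: a false rejection costs a retry,
# a false acceptance costs the database.
_READ_PREFIX = re.compile(r"^\s*(SELECT|WITH)\b", re.IGNORECASE)
_WRITE_OR_ADMIN = re.compile(
    r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE|REPLACE|ATTACH|DETACH|"
    r"PRAGMA|VACUUM|GRANT|REVOKE|EXEC|EXECUTE|LOAD_EXTENSION)\b",
    re.IGNORECASE,
)


def strip_comments(sql: str) -> str:
    """Remove /* */ and -- comments so they cannot hide a second statement."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", " ", sql)


def validate_readonly_sql(sql: str) -> Optional[str]:
    """Return None if `sql` is a single read-only query, else the rejection reason."""
    cleaned = strip_comments(sql).strip()
    if cleaned.endswith(";"):  # tolerate one trailing terminator
        cleaned = cleaned[:-1].rstrip()
    if not cleaned:
        return "empty statement"
    if ";" in cleaned:
        return "stacked statements are not allowed"
    if not _READ_PREFIX.match(cleaned):
        return "only SELECT / WITH queries are allowed"
    if _WRITE_OR_ADMIN.search(cleaned):
        return "write or administrative keyword present"
    return None


# Layer 2: the SQLite authorizer hook. Anything other than reading rows,
# running a SELECT or calling a function is refused by the engine itself,
# so a statement that slips past the text check still cannot write.
_READ_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def _deny_writes(action: int, *_: Any) -> int:
    return sqlite3.SQLITE_OK if action in _READ_ACTIONS else sqlite3.SQLITE_DENY


def lock_readonly(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Install the authorizer on an already-populated connection."""
    conn.set_authorizer(_deny_writes)
    return conn


def run_untrusted_query(conn: sqlite3.Connection, sql: str, max_rows: int = 100) -> List[Tuple]:
    """Validate, then execute with a row cap so a broad query cannot dump a whole table."""
    reason = validate_readonly_sql(sql)
    if reason is not None:
        raise ValueError(f"rejected SQL: {reason}")
    return conn.execute(sql).fetchmany(max_rows)


def engine_refuses(conn: sqlite3.Connection, sql: str) -> bool:
    """Self-check for layer 2: True if the connection itself rejects `sql`."""
    try:
        conn.execute(sql)
        return False
    except sqlite3.DatabaseError:  # SQLite reports a denied statement as an auth error
        return True


def demo_connection() -> sqlite3.Connection:
    """Constructed sample data (not from any real deployment), then locked read-only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE documents(id INTEGER PRIMARY KEY, title TEXT, owner TEXT);"
        "INSERT INTO documents(title, owner) VALUES ('q1 report', 'alice'), ('hr policy', 'bob');"
    )
    return lock_readonly(conn)


if __name__ == "__main__":
    db = demo_connection()
    for candidate in (
        "SELECT title FROM documents WHERE owner = 'alice'",
        "SELECT 1; DROP TABLE documents",
        "SELECT title FROM documents /* ; */ -- comment stripped before checking",
    ):
        try:
            print(candidate, "->", run_untrusted_query(db, candidate))
        except ValueError as err:
            print(candidate, "->", err)
    print("engine blocks a direct DELETE:", engine_refuses(db, "DELETE FROM documents"))
```

The two layers are independent on purpose: the textual check gives a readable rejection reason, while the authorizer is the control that actually holds if the text check is ever bypassed. Other database engines offer the equivalent second layer as a dedicated read-only role or connection, which is where a production deployment should put it.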
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in the public-facing RAGFlow ExeSQL component allows remote, unauthenticated execution of arbitrary SQL. This directly enables T1190 (Exploit Public-Facing Application) for initial access and facilitates T1213.006 (Databases) for data collection, T1565.001 (Stored Data Manipulation) for integrity impact, and T1485 (Data Destruction) for availability impact against the database.
NVD Description
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.
Deeper analysis
CVE-2025-27135 is a SQL injection vulnerability (CWE-89) in RAGFlow, an open-source Retrieval-Augmented Generation (RAG) engine. Versions 0.15.1 and prior are affected, specifically the ExeSQL component, which extracts SQL statements directly from input and executes them on the database without sanitization. The vulnerability was published on 2025-02-25 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
An unauthenticated remote attacker with network access can exploit this vulnerability through low-complexity attacks requiring no user interaction. Exploitation allows arbitrary SQL query execution, enabling high-impact compromise of confidentiality, integrity, and availability, such as data exfiltration, modification, or deletion from the underlying database.
As of publication, no patched version of RAGFlow is available. Relevant advisories and details are documented in the GitHub security advisory (GHSA-3gqj-66qm-25jq), the affected ExeSQL source code, and external analyses on provided Notion pages.
RAGFlow's role as a RAG engine introduces AI/ML relevance, as deployments in LLM pipelines could expose sensitive data stores to remote compromise. No real-world exploitation has been reported in the available information.
Details
- CWE(s)