CVE-2025-45691
Published: 05 March 2026
Summary
CVE-2025-45691 is a high-severity Path Traversal (CWE-22) vulnerability in Vibrantlabsai Ragas. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked at the 8.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-45691 is an arbitrary file read vulnerability affecting the ImageTextPromptValue class in Exploding Gradients RAGAS versions 0.2.3 through 0.2.14. The issue arises from improper validation and sanitization of URLs provided in the retrieved_contexts parameter during handling of multimodal inputs, and is mapped to CWE-22 (path traversal). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): high confidentiality impact, network reachability, low attack complexity, and no privileges or user interaction required.
A remote, unauthenticated attacker can exploit this vulnerability by supplying a malicious URL in the retrieved_contexts parameter, enabling arbitrary file reads on the host system running the affected RAGAS instance. Successful exploitation grants access to sensitive files, such as configuration data or other local resources, without impacting integrity or availability.
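As an added example (not RAGAS project code), the kind of check the page says was missing: a retrieved_contexts entry is only treated as a fetchable image if it is an http(s) URL or a local file that resolves inside one allowed directory; `classify_context`, `image_root` and the suffix list are assumed names, not RAGAS APIs.

```python
from pathlib import Path
from urllib.parse import urlparse

# Only remote schemes that are safe to hand to an HTTP client; file:// and
# similar schemes would read the local disk instead.
ALLOWED_SCHEMES = {"http", "https"}
IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".webp"}


def classify_context(value: str, image_root: str) -> str:
    """Classify one retrieved_contexts entry (assumed helper, not RAGAS code).

    Returns "url" for an http(s) URL, "local_image" for a file that resolves
    inside image_root, and "text" for everything else. Only "url" and
    "local_image" entries should ever be opened by the caller.
    """
    parsed = urlparse(value)
    if parsed.scheme in ALLOWED_SCHEMES and parsed.netloc:
        return "url"
    if parsed.scheme:
        # Any other scheme (file://, ftp://, ...) is treated as plain text.
        return "text"

    root = Path(image_root).resolve()
    try:
        # An absolute input such as /etc/passwd replaces root here instead of
        # joining under it; resolve() also collapses ".." and follows symlinks,
        # so a link inside root that points outside fails the containment check.
        candidate = (root / value).resolve()
    except (OSError, RuntimeError, ValueError):
        return "text"

    inside_root = candidate != root and root in candidate.parents
    if inside_root and candidate.suffix.lower() in IMAGE_SUFFIXES:
        return "local_image"
    return "text"
```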
Advisories and patches reference a detailed analysis at https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability, the vulnerable code at https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202, and fixes via pull requests https://github.com/explodinggradients/ragas/pull/1559 and https://github.com/vibrantlabsai/ragas/pull/1991. Mitigation involves applying these patches or upgrading to a patched version of RAGAS beyond v0.2.14.
This vulnerability is notable in the context of AI/ML workflows, as RAGAS is a library used for evaluating retrieval-augmented generation applications. No public reports of real-world exploitation were identified at publication on 2026-03-05.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208315
Vulnerability details
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Data from Local System (T1005)
Why these techniques?
Arbitrary file read via path traversal directly enables access to sensitive data from the local file system on the host.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Enforces validation and sanitization of inputs like the retrieved_contexts parameter to directly prevent path traversal via malicious URLs.
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of flaws such as this arbitrary file read vulnerability in RAGAS through patching.
- RA-5 (Vulnerability Monitoring and Scanning): Scans for vulnerabilities like CVE-2025-45691 in the RAGAS library and hosted applications, enabling risk-based remediation.