Cyber Resilience

CVE-2025-45691

Severity: High · Public PoC

Published: 05 March 2026
Modified: 10 March 2026
KEV Added: not listed
Patch: available (see Deeper analysis)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0003 (8.9th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-45691 is a high-severity Path Traversal (CWE-22) vulnerability in Vibrantlabsai Ragas. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked at the 8.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-45691 is an arbitrary file read vulnerability affecting the ImageTextPromptValue class in Exploding Gradients RAGAS versions 0.2.3 through 0.2.14. The issue arises from improper validation and sanitization of URLs provided in the retrieved_contexts parameter during handling of multimodal inputs, and is mapped to CWE-22 (path traversal). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact, a network attack vector, low attack complexity, and no privileges or user interaction required.

A remote, unauthenticated attacker can exploit this vulnerability by supplying a malicious URL in the retrieved_contexts parameter, enabling arbitrary file reads on the host system running the affected RAGAS instance. Successful exploitation grants access to sensitive files, such as configuration data or other local resources, without impacting integrity or availability.

Advisories and patches reference a detailed analysis at https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability, the vulnerable code at https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202, and fixes via pull requests https://github.com/explodinggradients/ragas/pull/1559 and https://github.com/vibrantlabsai/ragas/pull/1991. Mitigation involves applying these patches or upgrading to a patched version of RAGAS beyond v0.2.14.

This vulnerability is notable in the context of AI/ML workflows, as RAGAS is a library used for evaluating retrieval-augmented generation applications. No public reports of real-world exploitation were identified at publication on 2026-03-05.
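As an added example (not the project's code and not the fix from the referenced pull requests), the following Python shows the kind of allowlist validation that the SI-10 input-validation control below calls for, applied to retrieved_contexts entries before anything is fetched or opened. It assumes entries may be either remote image URLs or local relative paths, and the allowed directory name is a placeholder.

```python
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical allowlist: local images may be read only from under this directory.
# The path is an assumption for the example; configure it per deployment.
ALLOWED_IMAGE_DIR = Path("/srv/app/images")
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeContextReference(ValueError):
    """A retrieved_contexts entry that must not be fetched or opened."""


def classify_context_reference(ref, allowed_dir=ALLOWED_IMAGE_DIR):
    """Return ("remote", url) or ("local", absolute_path) for an acceptable entry.

    Rejects file://, data: and any other non-http(s) scheme, remote URLs with no
    host, and local paths that resolve outside allowed_dir (this covers ../
    segments, absolute paths and symlinks, because resolve() normalises them).
    """
    parsed = urlparse(ref)
    if parsed.scheme:
        if parsed.scheme.lower() not in ALLOWED_SCHEMES:
            raise UnsafeContextReference(f"scheme not allowed: {parsed.scheme!r}")
        if not parsed.netloc:
            raise UnsafeContextReference("remote URL has no host")
        return ("remote", ref)
    # No scheme: treat as a local path, permitted only inside the allowlist dir.
    base = allowed_dir.resolve()
    candidate = (base / ref).resolve()  # an absolute ref replaces base here
    if candidate == base or not candidate.is_relative_to(base):
        raise UnsafeContextReference(f"path escapes allowed directory: {ref!r}")
    return ("local", str(candidate))


def validate_retrieved_contexts(contexts, allowed_dir=ALLOWED_IMAGE_DIR):
    """Gate a whole retrieved_contexts list before anything is fetched or opened.

    Fails closed: one unsafe entry rejects the list, so a prompt cannot mix a
    harmless image URL with a reference to a host file.
    """
    return [classify_context_reference(c, allowed_dir) for c in contexts]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real prompt.
    for ref in ["https://example.com/cat.png", "photos/cat.png",
                "../../etc/passwd", "file:///etc/passwd", "/etc/hosts"]:
        try:
            print(ref, "->", classify_context_reference(ref))
        except UnsafeContextReference as exc:
            print(ref, "-> rejected:", exc)
```

Path.is_relative_to requires Python 3.9 or later; the same check can be written as `base == candidate or base in candidate.parents` on older interpreters.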


Vulnerability details

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Arbitrary file read via path traversal directly enables access to sensitive data from the local file system on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-44307 (shared CWE-22)
- CVE-2025-68921 (shared CWE-22)
- CVE-2026-39369 (shared CWE-22)
- CVE-2025-13801 (shared CWE-22)
- CVE-2026-42600 (shared CWE-22)
- CVE-2025-54794 (shared CWE-22)
- CVE-2026-41205 (shared CWE-22)
- CVE-2026-41419 (shared CWE-22)
- CVE-2026-7182 (shared CWE-22)
- CVE-2025-24605 (shared CWE-22)

Affected Assets

Vendor: vibrantlabsai
Product: ragas
Versions: 0.2.3 to 0.2.14

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (prevent)

Enforces validation and sanitization of inputs like the retrieved_contexts parameter to directly prevent path traversal via malicious URLs.

SI-2 Flaw Remediation (prevent)

Requires timely identification, reporting, and correction of flaws such as this arbitrary file read vulnerability in RAGAS through patching.

RA-5 Vulnerability Monitoring and Scanning (prevent, detect)

Scans for vulnerabilities like CVE-2025-45691 in the RAGAS library and hosted applications, enabling risk-based remediation.
