Cyber Posture

CVE-2025-45691

Severity: High · Public PoC

Published: 05 March 2026
Modified: 10 March 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0003 (8.1th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-45691 is a high-severity Path Traversal (CWE-22) vulnerability in Vibrantlabsai Ragas. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked at the 8.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005).
Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the control below is derived from the weakness type (CWE) cited in the NVD entry.

Addresses CWE-22: validates pathnames and filenames to prevent traversal outside intended directories.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Arbitrary file read via path traversal directly enables access to sensitive data from the local file system on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

Deeper analysis (AI-generated)

CVE-2025-45691 is an arbitrary file read vulnerability affecting the ImageTextPromptValue class in Exploding Gradients RAGAS versions 0.2.3 through 0.2.14. The issue arises from improper validation and sanitization of URLs provided in the retrieved_contexts parameter during handling of multimodal inputs, and is mapped to CWE-22 (path traversal). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact, network accessibility, low attack complexity, and no privileges or user interaction required.

A remote, unauthenticated attacker can exploit this vulnerability by supplying a malicious URL in the retrieved_contexts parameter, enabling arbitrary file reads on the host system running the affected RAGAS instance. Successful exploitation grants access to sensitive files, such as configuration data or other local resources, without impacting integrity or availability.

Advisories and patches reference a detailed analysis at https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability, the vulnerable code at https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202, and fixes via pull requests https://github.com/explodinggradients/ragas/pull/1559 and https://github.com/vibrantlabsai/ragas/pull/1991. Mitigation involves applying these patches or upgrading to a patched version of RAGAS beyond v0.2.14.

This vulnerability is notable in the context of AI/ML workflows, as RAGAS is a library used for evaluating retrieval-augmented generation applications. No public reports of real-world exploitation were identified at publication on 2026-03-05.
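As an added defensive illustration (not the RAGAS project's code and not the upstream fix), the following Python allow-list validator shows the kind of check that closes the weakness described above: image references in retrieved_contexts are accepted only as http(s) URLs that name a host, or as local paths confined to one directory after percent-decoding and path resolution. The directory /srv/ragas/images, the function names and the sample references are all constructed for this example.

```python
import os
from urllib.parse import unquote, urlparse

# Hypothetical directory (constructed for this example, not a RAGAS path)
# that local image files must live under. Remote images may use http(s) only.
ALLOWED_IMAGE_DIR = "/srv/ragas/images"
REMOTE_SCHEMES = {"http", "https"}


def validate_context_ref(ref: str, allowed_dir: str = ALLOWED_IMAGE_DIR) -> str:
    """Return the reference if it is safe to fetch, else raise ValueError.

    Safe means: an http(s) URL that names a host, or a local path (bare or
    file://) that resolves inside allowed_dir after percent-decoding and
    '..'/symlink resolution. Any other scheme is refused, so a context
    string cannot select an arbitrary file on the host.
    """
    parsed = urlparse(ref)
    scheme = parsed.scheme.lower()

    if scheme in REMOTE_SCHEMES:
        if not parsed.netloc:
            raise ValueError(f"remote URL without a host: {ref!r}")
        return ref

    if scheme in ("", "file"):
        # file://host/... and //host/... would point at network shares.
        if parsed.netloc not in ("", "localhost"):
            raise ValueError(f"local reference with a host part: {ref!r}")
        if not parsed.path:
            raise ValueError(f"empty local path: {ref!r}")
        # Decode first so an encoded ..%2F.. is normalised like a plain ../.
        base = os.path.realpath(allowed_dir)
        target = os.path.realpath(os.path.join(base, unquote(parsed.path)))
        if os.path.commonpath([base, target]) != base:
            raise ValueError(f"path escapes {allowed_dir}: {ref!r}")
        return target

    raise ValueError(f"unsupported scheme {scheme!r}: {ref!r}")


def vet_retrieved_contexts(contexts):
    """Split a retrieved_contexts list into (accepted refs, rejected (ref, reason))."""
    accepted, rejected = [], []
    for ctx in contexts:
        try:
            accepted.append(validate_context_ref(ctx))
        except ValueError as exc:
            rejected.append((ctx, str(exc)))
    return accepted, rejected
```

Rejected entries should be logged rather than silently dropped, since a file:// or traversal string arriving in an evaluation dataset is itself a detection signal.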

Details

CWE(s): CWE-22

Affected Products: vibrantlabsai / ragas, versions 0.2.3 to 0.2.14

CVEs Like This One

CVE-2025-54794 (shared CWE-22)
CVE-2025-20051 (shared CWE-22)
CVE-2026-41205 (shared CWE-22)
CVE-2026-41419 (shared CWE-22)
CVE-2025-13801 (shared CWE-22)
CVE-2025-24605 (shared CWE-22)
CVE-2025-68921 (shared CWE-22)
CVE-2026-39369 (shared CWE-22)
CVE-2026-23536 (shared CWE-22)
CVE-2025-23422 (shared CWE-22)
