RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.
CVE ID: CVE-2025-27135
CVSS Base Severity: HIGH
CVSS Base Score: 8.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Vendor: infiniflow
Product: ragflow
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 10.52% (scored less or equal to compared to others)
EPSS Date: 2025-03-26 (when was this score calculated)
SSVC Exploitation: poc
SSVC Technical Impact: total
SSVC Automatable: true