CVE-2025-45150
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-10-17
Assigner: MITRE
Description
Description
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| x-d_lab | langchain-chatglm-webui | 2023-05-23 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to insecure permissions in the LangChain-ChatGLM-Webui software, specifically in commit ef829. It allows attackers to view and download sensitive files arbitrarily by sending a specially crafted request.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can access and download sensitive files without authorization, potentially leading to data breaches, loss of confidentiality, and exposure of private information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70