CVE-2025-45691

Published: Mar 5, 2026

Modified: Mar 6, 2026

PUBLISHED

Description

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability

https://github.com/explodinggradients/ragas/pull/1559

https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202

https://github.com/vibrantlabsai/ragas/pull/1991

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-45691

Description

Affected Products

References