{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9799","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-01T12:23:02.536Z","datePublished":"2025-09-01T22:02:09.356Z","dateUpdated":"2025-09-02T20:10:18.439Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-01T22:02:09.356Z"},"title":"Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-918","lang":"en","description":"Server-Side Request Forgery"}]}],"affected":[{"vendor":"n/a","product":"Langfuse","versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"3.3","status":"affected"},{"version":"3.4","status":"affected"},{"version":"3.5","status":"affected"},{"version":"3.6","status":"affected"},{"version":"3.7","status":"affected"},{"version":"3.8","status":"affected"},{"version":"3.9","status":"affected"},{"version":"3.10","status":"affected"},{"version":"3.11","status":"affected"},{"version":"3.12","status":"affected"},{"version":"3.13","status":"affected"},{"version":"3.14","status":"affected"},{"version":"3.15","status":"affected"},{"version":"3.16","status":"affected"},{"version":"3.17","status":"affected"},{"version":"3.18","status":"affected"},{"version":"3.19","status":"affected"},{"version":"3.20","status":"affected"},{"version":"3.21","status":"affected"},{"version":"3.22","status":"affected"},{"version":"3.23","status":"affected"},{"version":"3.24","status":"affected"},{"version":"3.25","status":"affected"},{"version":"3.26","status":"affected"},{"version":"3.27","status":"affected"},{"version":"3.28","status":"affected"},{"version":"3.29","status":"affected"},{"version":"3.30","status":"affected"},{"version":"3.31","status":"affected"},{"version":"3.32","status":"affected"},{"version":"3.33","status":"affected"},{"version":"3.34","status":"affected"},{"version":"3.35","status":"affected"},{"version":"3.36","status":"affected"},{"version":"3.37","status":"affected"},{"version":"3.38","status":"affected"},{"version":"3.39","status":"affected"},{"version":"3.40","status":"affected"},{"version":"3.41","status":"affected"},{"version":"3.42","status":"affected"},{"version":"3.43","status":"affected"},{"version":"3.44","status":"affected"},{"version":"3.45","status":"affected"},{"version":"3.46","status":"affected"},{"version":"3.47","status":"affected"},{"version":"3.48","status":"affected"},{"version":"3.49","status":"affected"},{"version":"3.50","status":"affected"},{"version":"3.51","status":"affected"},{"version":"3.52","status":"affected"},{"version":"3.53","status":"affected"},{"version":"3.54","status":"affected"},{"version":"3.55","status":"affected"},{"version":"3.56","status":"affected"},{"version":"3.57","status":"affected"},{"version":"3.58","status":"affected"},{"version":"3.59","status":"affected"},{"version":"3.60","status":"affected"},{"version":"3.61","status":"affected"},{"version":"3.62","status":"affected"},{"version":"3.63","status":"affected"},{"version":"3.64","status":"affected"},{"version":"3.65","status":"affected"},{"version":"3.66","status":"affected"},{"version":"3.67","status":"affected"},{"version":"3.68","status":"affected"},{"version":"3.69","status":"affected"},{"version":"3.70","status":"affected"},{"version":"3.71","status":"affected"},{"version":"3.72","status":"affected"},{"version":"3.73","status":"affected"},{"version":"3.74","status":"affected"},{"version":"3.75","status":"affected"},{"version":"3.76","status":"affected"},{"version":"3.77","status":"affected"},{"version":"3.78","status":"affected"},{"version":"3.79","status":"affected"},{"version":"3.80","status":"affected"},{"version":"3.81","status":"affected"},{"version":"3.82","status":"affected"},{"version":"3.83","status":"affected"},{"version":"3.84","status":"affected"},{"version":"3.85","status":"affected"},{"version":"3.86","status":"affected"},{"version":"3.87","status":"affected"},{"version":"3.88.0","status":"affected"}],"modules":["Webhook Handler"]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited."},{"lang":"de","value":"In Langfuse bis 3.88.0 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion promptChangeEventSourcing der Datei web/src/features/prompts/server/routers/promptRouter.ts der Komponente Webhook Handler. Mit der Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff lässt sich über das Netzwerk starten. Die Komplexität eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde veröffentlicht und kann verwendet werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4.6,"vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-01T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-01T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-01T14:29:18.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ZAST.AI (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.322114","name":"VDB-322114 | Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.322114","name":"VDB-322114 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.641128","name":"Submit #641128 | langfuse https://github.com/langfuse/langfuse  <=3.88.0 SSRF","tags":["third-party-advisory"]},{"url":"https://github.com/langfuse/langfuse/issues/8522","tags":["issue-tracking"]},{"url":"https://github.com/langfuse/langfuse/issues/8522#issue-3320549867","tags":["exploit","issue-tracking"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-02T19:51:53.283383Z","id":"CVE-2025-9799","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-02T20:10:18.439Z"}}]}}