{"uuid": "722a626e-b8ff-4686-aa32-dd0ede135f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25282", "type": "seen", "source": "https://t.me/cvedetector/18698", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25282 - RAGFlow IDOR: Cross-Tenant Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25282 \nPublished : Feb. 21, 2025, 9:15 p.m. | 1\u00a0hour, 33\u00a0minutes ago \nDescription : RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET //user/list), add user account to other tenant (POST //user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:36.000000Z"}