CVE-2025-27135 · CRITICAL 9.8 · EPSS percentile 42.8%

Description

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection: the ExeSQL component extracts the SQL statement from its input and sends it directly to the database query. As of the time of publication, no patched version is available.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.57% probability of exploitation · percentile 42.8% · scored 2026-06-18T12:00:27Z
Published: 2025-02-25
Last modified: 2025-04-22

Underlying weaknesses · 1

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

  1. https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py
  2. https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq
  3. https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4
  4. https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42

Type      Target                                                                                 Confidence  Tier
Weakness  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-89  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-28797
  2. CVE: CVE-2026-45312
  3. CVE: CVE-2025-68700
  4. CVE: CVE-2025-25282
  5. CVE: CVE-2026-24770
  6. CVE: CVE-2025-69286
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.