- Description
- RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner's account. Version 0.22.0 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- ragflow
CVSS 4.0
- Type
- Secondary
- Base score
- 8.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Weakness (source: security-advisories@github.com)
- CWE-340
- Affected configuration (CPE match criteria)
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "399A9F6D-D7D7-413D-B787-96DD6C1CDC40",
            "versionEndExcluding": "0.22.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]