Security Advisory

CVE-2025-9799

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-01 22:02:09

Last updated 2025-09-02 20:10:18

Assigner VulDB

State PUBLISHED

Description

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.

← Browse all CVEs View on cve.org ↗