CVE Catalog
CVE-2025-45150
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.52%
40th percentile - higher than 40% of all known CVEs
Summary
Insecure permissions in LangChain-ChatGLM-Webui (commit ef829) allow attackers to arbitrarily view and download sensitive files by sending a crafted request.
Risk Assessment
The organization is at risk of sensitive data leakage, including configurations, API keys, or user data, potentially leading to security breaches and financial losses.
Recommendation
Immediately update LangChain-ChatGLM-Webui to the latest version or apply a security patch, and restrict access to the application to trusted networks only.
Original NVD description (English source)
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.

