CVE Catalog

CVE-2025-45150

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile - higher than 40% of all known CVEs

Summary

Insecure permissions in LangChain-ChatGLM-Webui (commit ef829) allow attackers to arbitrarily view and download sensitive files by sending a crafted request.

Risk Assessment

The organization is at risk of sensitive data leakage, including configurations, API keys, or user data, potentially leading to security breaches and financial losses.

Recommendation

Immediately update LangChain-ChatGLM-Webui to the latest version or apply a security patch, and restrict access to the application to trusted networks only.

Original NVD description (English source)

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS