CVE-2025-45691 PUBLISHED

Assigner: mitre
Reserved: 22.04.2025 Published: 05.03.2026 Updated: 06.03.2026

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability
https://github.com/explodinggradients/ragas/pull/1559
https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202
https://github.com/vibrantlabsai/ragas/pull/1991

Problem Types

n/a text