{"data":{"id":"00ac1d23-8339-45be-81e7-319dea7c4cb9","title":"CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive","summary":"CVE-2025-45150 is a vulnerability in LangChain-ChatGLM-Webui (a tool that combines language models with a web interface) caused by insecure permissions (CWE-732, which means access controls are set incorrectly on important resources). Attackers can exploit this flaw by sending specially crafted requests to view and download sensitive files they shouldn't be able to access.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-45150","publishedAt":"2025-08-01T21:15:51.943Z","cveId":"CVE-2025-45150","cweIds":["CWE-732"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain-ChatGLM-Webui"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00067,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}