{"data":{"id":"82bdef8d-2192-4175-b524-96a8f009eeb9","title":"CVE-2025-65107: Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from","summary":"Langfuse, an open source platform for managing large language models, has a vulnerability in versions 2.95.0–2.95.11 and 3.17.0–3.130.x where attackers could take over user accounts if certain security settings are not configured. The attack works by tricking an authenticated user into clicking a malicious link (via CSRF, which is cross-site request forgery where an attacker tricks your browser into making unwanted requests, or phishing).","solution":"Update to Langfuse version 2.95.12 or 3.131.0, where the issue has been patched. Alternatively, as a workaround, set the AUTH_<PROVIDER>_CHECK configuration parameter.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-65107","publishedAt":"2025-11-21T22:16:33.127Z","cveId":"CVE-2025-65107","cweIds":["CWE-285","CWE-352"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langfuse"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00023,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}