CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Summary
CVE-2025-45150 is a vulnerability in LangChain-ChatGLM-Webui (a tool that combines language models with a web interface) caused by insecure permissions (CWE-732, which means access controls are set incorrectly on important resources). Attackers can exploit this flaw by sending specially crafted requests to view and download sensitive files they shouldn't be able to access.
Vulnerability Details
9.8(critical)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-45150
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 85%