AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-64504: Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2

mediumvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseNovember 10, 2025CVE-2025-64504

Summary

Langfuse, an open source platform for managing large language models, had a vulnerability in versions 2.70.0 through 2.95.10 and 3.x through 3.124.0 where the server didn't properly check which organization a user belonged to, allowing any authenticated user to see names and email addresses of members in other organizations if they knew the target organization's ID. The vulnerability required the attacker to have a valid account on the same Langfuse instance and knowledge of the target organization's ID, and no customer data like traces, prompts, or evaluations were exposed.

Solution / Mitigation

Upgrade to patched versions: v2.95.11 for major version 2 or v3.124.1 for major version 3. According to the source, 'there are no known workarounds' and 'upgrading is required to fully mitigate this issue.'

Vulnerability Details

CVSS Score

5(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Data Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-202

Affected Vendors

LangChain

Related Issues

critical

CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-

Same vendorNVD/CVE Database

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 92%