VYPR
High severityNVD Advisory· Published Mar 5, 2026· Updated Mar 6, 2026

CVE-2025-45691

CVE-2025-45691

Description

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ragasPyPI
>= 0.2.3, < 0.3.0-rc10.3.0-rc1

Affected products

1

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.