Unrated severityNVD Advisory· Published May 17, 2025· Updated May 19, 2025

CVE-2025-48187

Description

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

Affected products

Infiniflow/Ragflowv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/infiniflow/ragflow/commits/main/mitre
www.cnblogs.com/qiushuo/p/18881084mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000