CRITICAL🇵🇱 Wersja polska

CVE-2024-12450

CVSS 9.8v3.1pub. 2025-03-20upd. 2025-04-04

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions on the file protocol enables Arbitrary File Read, allowing attackers to read server files. Furthermore, the use of an outdated Chromium headless version with --no-sandbox mode enabled makes the application susceptible to Remote Code Execution (RCE) via known Chromium v8 vulnerabilities. These issues are resolved in version 0.14.0.

🤖 AI Analysis
How it works

The `web_crawl` function in the `document_app.py` file does not filter URL parameters passed by the user, allowing an attacker to direct requests to internal network addresses (Full Read SSRF) — results are exfiltrated through generated PDF files. Lack of restrictions on the `file://` protocol enables direct file reading from the server's file system (Arbitrary File Read). Additionally, the application uses an outdated version of Chromium browser running in headless mode with the --no-sandbox option, which allows exploitation of known V8 engine vulnerabilities for remote code execution (RCE).

Impact

An attacker can gain full access to the victim's internal network and read arbitrary files from the server (including credentials and configuration data), and through RCE can take complete control of the system.

Mitigation & patch

Infiniflow RAGflow should be updated to version 0.14.0, in which the vulnerabilities have been patched. Patch details are available in the vendor's references (commit 3faae0b2c2f8a26233ee1442ba04874b3406f6e9 in the GitHub repository).

Who is affected

Infiniflow RAGflow version 0.12.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Infiniflow Ragflow

    APP
    Infiniflow
    0.12.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESSRF
CWE
References

Related vulnerabilities

CVE-2026-24770CRITICAL9.8PL ✓ten sam produkt

Zip Slip RCE w RAGFlow — nadpisanie plików przez złośliwe archiwum ZIP

CVE-2025-48187CRITICAL9.1PL ✓ten sam produkt

Przejęcie konta w RAGFlow poprzez brute-force kodów weryfikacyjnych

CVE-2024-12433CRITICAL9.8PL ✓ten sam produkt

RCE w Infiniflow RagFlow — statyczny klucz AuthKey i niebezpieczna deserializacja pickle

CVE-2026-28797HIGH8.7ten sam produkt

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-...

CVE-2025-69286HIGH8.9ten sam produkt

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of...