CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-59305

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.8%

CVSS Severity

CVSS v3 Score 7.6

References

https://depthfirst.com/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study

Products affected by CVE-2025-59305

Finto » Langfuse » Version: 3.1

cpe:2.3:a:finto:langfuse:3.1
Finto » Langfuse » Version: 3.1.0

cpe:2.3:a:finto:langfuse:3.1.0
Finto » Langfuse » Version: 3.1.1

cpe:2.3:a:finto:langfuse:3.1.1
Finto » Langfuse » Version: 3.10.0

cpe:2.3:a:finto:langfuse:3.10.0
Finto » Langfuse » Version: 3.100.0

cpe:2.3:a:finto:langfuse:3.100.0
Finto » Langfuse » Version: 3.101.0

cpe:2.3:a:finto:langfuse:3.101.0
Finto » Langfuse » Version: 3.102.0

cpe:2.3:a:finto:langfuse:3.102.0
Finto » Langfuse » Version: 3.103.0

cpe:2.3:a:finto:langfuse:3.103.0
Finto » Langfuse » Version: 3.104.0

cpe:2.3:a:finto:langfuse:3.104.0
Finto » Langfuse » Version: 3.105.0

cpe:2.3:a:finto:langfuse:3.105.0
Finto » Langfuse » Version: 3.106.0

cpe:2.3:a:finto:langfuse:3.106.0
Finto » Langfuse » Version: 3.106.1

cpe:2.3:a:finto:langfuse:3.106.1
Finto » Langfuse » Version: 3.106.2

cpe:2.3:a:finto:langfuse:3.106.2
Finto » Langfuse » Version: 3.106.3

cpe:2.3:a:finto:langfuse:3.106.3
Finto » Langfuse » Version: 3.106.4

cpe:2.3:a:finto:langfuse:3.106.4
Finto » Langfuse » Version: 3.107.0

cpe:2.3:a:finto:langfuse:3.107.0
Finto » Langfuse » Version: 3.108.0

cpe:2.3:a:finto:langfuse:3.108.0
Finto » Langfuse » Version: 3.11.0

cpe:2.3:a:finto:langfuse:3.11.0
Finto » Langfuse » Version: 3.11.1

cpe:2.3:a:finto:langfuse:3.11.1
Finto » Langfuse » Version: 3.12.0

cpe:2.3:a:finto:langfuse:3.12.0
Finto » Langfuse » Version: 3.13.0

cpe:2.3:a:finto:langfuse:3.13.0
Finto » Langfuse » Version: 3.14.0

cpe:2.3:a:finto:langfuse:3.14.0
Finto » Langfuse » Version: 3.15.0

cpe:2.3:a:finto:langfuse:3.15.0
Finto » Langfuse » Version: 3.16.0

cpe:2.3:a:finto:langfuse:3.16.0
Finto » Langfuse » Version: 3.17.0

cpe:2.3:a:finto:langfuse:3.17.0
Finto » Langfuse » Version: 3.17.1

cpe:2.3:a:finto:langfuse:3.17.1
Finto » Langfuse » Version: 3.18.0

cpe:2.3:a:finto:langfuse:3.18.0
Finto » Langfuse » Version: 3.19.0

cpe:2.3:a:finto:langfuse:3.19.0
Finto » Langfuse » Version: 3.2.0

cpe:2.3:a:finto:langfuse:3.2.0
Finto » Langfuse » Version: 3.20.0

cpe:2.3:a:finto:langfuse:3.20.0
Finto » Langfuse » Version: 3.21.0

cpe:2.3:a:finto:langfuse:3.21.0
Finto » Langfuse » Version: 3.22.0

cpe:2.3:a:finto:langfuse:3.22.0
Finto » Langfuse » Version: 3.23.0

cpe:2.3:a:finto:langfuse:3.23.0
Finto » Langfuse » Version: 3.24.0

cpe:2.3:a:finto:langfuse:3.24.0
Finto » Langfuse » Version: 3.24.1

cpe:2.3:a:finto:langfuse:3.24.1
Finto » Langfuse » Version: 3.25.0

cpe:2.3:a:finto:langfuse:3.25.0
Finto » Langfuse » Version: 3.26.0

cpe:2.3:a:finto:langfuse:3.26.0
Finto » Langfuse » Version: 3.27.0

cpe:2.3:a:finto:langfuse:3.27.0
Finto » Langfuse » Version: 3.27.1

cpe:2.3:a:finto:langfuse:3.27.1
Finto » Langfuse » Version: 3.27.2

cpe:2.3:a:finto:langfuse:3.27.2
Finto » Langfuse » Version: 3.28.0

cpe:2.3:a:finto:langfuse:3.28.0
Finto » Langfuse » Version: 3.28.1

cpe:2.3:a:finto:langfuse:3.28.1
Finto » Langfuse » Version: 3.28.2

cpe:2.3:a:finto:langfuse:3.28.2
Finto » Langfuse » Version: 3.28.3

cpe:2.3:a:finto:langfuse:3.28.3
Finto » Langfuse » Version: 3.29.0

cpe:2.3:a:finto:langfuse:3.29.0
Finto » Langfuse » Version: 3.29.1

cpe:2.3:a:finto:langfuse:3.29.1
Finto » Langfuse » Version: 3.3.0

cpe:2.3:a:finto:langfuse:3.3.0
Finto » Langfuse » Version: 3.3.0-rc.1

cpe:2.3:a:finto:langfuse:3.3.0-rc.1
Finto » Langfuse » Version: 3.3.0-rc.2

cpe:2.3:a:finto:langfuse:3.3.0-rc.2
Finto » Langfuse » Version: 3.30.0

cpe:2.3:a:finto:langfuse:3.30.0
Finto » Langfuse » Version: 3.31.0

cpe:2.3:a:finto:langfuse:3.31.0
Finto » Langfuse » Version: 3.32.0

cpe:2.3:a:finto:langfuse:3.32.0
Finto » Langfuse » Version: 3.32.1

cpe:2.3:a:finto:langfuse:3.32.1
Finto » Langfuse » Version: 3.33.0

cpe:2.3:a:finto:langfuse:3.33.0
Finto » Langfuse » Version: 3.33.1

cpe:2.3:a:finto:langfuse:3.33.1
Finto » Langfuse » Version: 3.34.0

cpe:2.3:a:finto:langfuse:3.34.0
Finto » Langfuse » Version: 3.34.1

cpe:2.3:a:finto:langfuse:3.34.1
Finto » Langfuse » Version: 3.35.0

cpe:2.3:a:finto:langfuse:3.35.0
Finto » Langfuse » Version: 3.35.1

cpe:2.3:a:finto:langfuse:3.35.1
Finto » Langfuse » Version: 3.36.0

cpe:2.3:a:finto:langfuse:3.36.0
Finto » Langfuse » Version: 3.37.0

cpe:2.3:a:finto:langfuse:3.37.0
Finto » Langfuse » Version: 3.38.0

cpe:2.3:a:finto:langfuse:3.38.0
Finto » Langfuse » Version: 3.39.0

cpe:2.3:a:finto:langfuse:3.39.0
Finto » Langfuse » Version: 3.4.0

cpe:2.3:a:finto:langfuse:3.4.0
Finto » Langfuse » Version: 3.40.0

cpe:2.3:a:finto:langfuse:3.40.0
Finto » Langfuse » Version: 3.41.0

cpe:2.3:a:finto:langfuse:3.41.0
Finto » Langfuse » Version: 3.41.1

cpe:2.3:a:finto:langfuse:3.41.1
Finto » Langfuse » Version: 3.42.0

cpe:2.3:a:finto:langfuse:3.42.0
Finto » Langfuse » Version: 3.42.1

cpe:2.3:a:finto:langfuse:3.42.1
Finto » Langfuse » Version: 3.43.0

cpe:2.3:a:finto:langfuse:3.43.0
Finto » Langfuse » Version: 3.44.0

cpe:2.3:a:finto:langfuse:3.44.0
Finto » Langfuse » Version: 3.44.1-0

cpe:2.3:a:finto:langfuse:3.44.1-0
Finto » Langfuse » Version: 3.45.0

cpe:2.3:a:finto:langfuse:3.45.0
Finto » Langfuse » Version: 3.45.1

cpe:2.3:a:finto:langfuse:3.45.1
Finto » Langfuse » Version: 3.45.2

cpe:2.3:a:finto:langfuse:3.45.2
Finto » Langfuse » Version: 3.46.0

cpe:2.3:a:finto:langfuse:3.46.0
Finto » Langfuse » Version: 3.47.0

cpe:2.3:a:finto:langfuse:3.47.0
Finto » Langfuse » Version: 3.48.0

cpe:2.3:a:finto:langfuse:3.48.0
Finto » Langfuse » Version: 3.48.1

cpe:2.3:a:finto:langfuse:3.48.1
Finto » Langfuse » Version: 3.49.0

cpe:2.3:a:finto:langfuse:3.49.0
Finto » Langfuse » Version: 3.49.1

cpe:2.3:a:finto:langfuse:3.49.1
Finto » Langfuse » Version: 3.5.0

cpe:2.3:a:finto:langfuse:3.5.0
Finto » Langfuse » Version: 3.5.1

cpe:2.3:a:finto:langfuse:3.5.1
Finto » Langfuse » Version: 3.5.2

cpe:2.3:a:finto:langfuse:3.5.2
Finto » Langfuse » Version: 3.5.3

cpe:2.3:a:finto:langfuse:3.5.3
Finto » Langfuse » Version: 3.50.0

cpe:2.3:a:finto:langfuse:3.50.0
Finto » Langfuse » Version: 3.51.0

cpe:2.3:a:finto:langfuse:3.51.0
Finto » Langfuse » Version: 3.51.1

cpe:2.3:a:finto:langfuse:3.51.1
Finto » Langfuse » Version: 3.51.2

cpe:2.3:a:finto:langfuse:3.51.2
Finto » Langfuse » Version: 3.52.0

cpe:2.3:a:finto:langfuse:3.52.0
Finto » Langfuse » Version: 3.53.0

cpe:2.3:a:finto:langfuse:3.53.0
Finto » Langfuse » Version: 3.54.0

cpe:2.3:a:finto:langfuse:3.54.0
Finto » Langfuse » Version: 3.54.1

cpe:2.3:a:finto:langfuse:3.54.1
Finto » Langfuse » Version: 3.55.0

cpe:2.3:a:finto:langfuse:3.55.0
Finto » Langfuse » Version: 3.56.0

cpe:2.3:a:finto:langfuse:3.56.0
Finto » Langfuse » Version: 3.57.0

cpe:2.3:a:finto:langfuse:3.57.0
Finto » Langfuse » Version: 3.57.1

cpe:2.3:a:finto:langfuse:3.57.1
Finto » Langfuse » Version: 3.57.2

cpe:2.3:a:finto:langfuse:3.57.2
Finto » Langfuse » Version: 3.58.0

cpe:2.3:a:finto:langfuse:3.58.0
Finto » Langfuse » Version: 3.59.0

cpe:2.3:a:finto:langfuse:3.59.0
Finto » Langfuse » Version: 3.59.1

cpe:2.3:a:finto:langfuse:3.59.1
Finto » Langfuse » Version: 3.6.0

cpe:2.3:a:finto:langfuse:3.6.0
Finto » Langfuse » Version: 3.6.1

cpe:2.3:a:finto:langfuse:3.6.1
Finto » Langfuse » Version: 3.6.2

cpe:2.3:a:finto:langfuse:3.6.2
Finto » Langfuse » Version: 3.60.0

cpe:2.3:a:finto:langfuse:3.60.0
Finto » Langfuse » Version: 3.60.1

cpe:2.3:a:finto:langfuse:3.60.1
Finto » Langfuse » Version: 3.61.0

cpe:2.3:a:finto:langfuse:3.61.0
Finto » Langfuse » Version: 3.62.0

cpe:2.3:a:finto:langfuse:3.62.0
Finto » Langfuse » Version: 3.62.1

cpe:2.3:a:finto:langfuse:3.62.1
Finto » Langfuse » Version: 3.63.0

cpe:2.3:a:finto:langfuse:3.63.0
Finto » Langfuse » Version: 3.63.1

cpe:2.3:a:finto:langfuse:3.63.1
Finto » Langfuse » Version: 3.64.0

cpe:2.3:a:finto:langfuse:3.64.0
Finto » Langfuse » Version: 3.65.0

cpe:2.3:a:finto:langfuse:3.65.0
Finto » Langfuse » Version: 3.65.1

cpe:2.3:a:finto:langfuse:3.65.1
Finto » Langfuse » Version: 3.65.2

cpe:2.3:a:finto:langfuse:3.65.2
Finto » Langfuse » Version: 3.65.3

cpe:2.3:a:finto:langfuse:3.65.3
Finto » Langfuse » Version: 3.66.0

cpe:2.3:a:finto:langfuse:3.66.0
Finto » Langfuse » Version: 3.66.1

cpe:2.3:a:finto:langfuse:3.66.1
Finto » Langfuse » Version: 3.67.0

cpe:2.3:a:finto:langfuse:3.67.0
Finto » Langfuse » Version: 3.67.1-2

cpe:2.3:a:finto:langfuse:3.67.1-2
Finto » Langfuse » Version: 3.68.0

cpe:2.3:a:finto:langfuse:3.68.0
Finto » Langfuse » Version: 3.69.0

cpe:2.3:a:finto:langfuse:3.69.0
Finto » Langfuse » Version: 3.7.0

cpe:2.3:a:finto:langfuse:3.7.0
Finto » Langfuse » Version: 3.7.1

cpe:2.3:a:finto:langfuse:3.7.1
Finto » Langfuse » Version: 3.70.0

cpe:2.3:a:finto:langfuse:3.70.0
Finto » Langfuse » Version: 3.71.0

cpe:2.3:a:finto:langfuse:3.71.0
Finto » Langfuse » Version: 3.72.0

cpe:2.3:a:finto:langfuse:3.72.0
Finto » Langfuse » Version: 3.72.1

cpe:2.3:a:finto:langfuse:3.72.1
Finto » Langfuse » Version: 3.72.2-0

cpe:2.3:a:finto:langfuse:3.72.2-0
Finto » Langfuse » Version: 3.72.2-1

cpe:2.3:a:finto:langfuse:3.72.2-1
Finto » Langfuse » Version: 3.73.0

cpe:2.3:a:finto:langfuse:3.73.0
Finto » Langfuse » Version: 3.73.1

cpe:2.3:a:finto:langfuse:3.73.1
Finto » Langfuse » Version: 3.74.0

cpe:2.3:a:finto:langfuse:3.74.0
Finto » Langfuse » Version: 3.75.0

cpe:2.3:a:finto:langfuse:3.75.0
Finto » Langfuse » Version: 3.75.1

cpe:2.3:a:finto:langfuse:3.75.1
Finto » Langfuse » Version: 3.75.2

cpe:2.3:a:finto:langfuse:3.75.2
Finto » Langfuse » Version: 3.75.3

cpe:2.3:a:finto:langfuse:3.75.3
Finto » Langfuse » Version: 3.75.4

cpe:2.3:a:finto:langfuse:3.75.4
Finto » Langfuse » Version: 3.76.0

cpe:2.3:a:finto:langfuse:3.76.0
Finto » Langfuse » Version: 3.77.0

cpe:2.3:a:finto:langfuse:3.77.0
Finto » Langfuse » Version: 3.78.0

cpe:2.3:a:finto:langfuse:3.78.0
Finto » Langfuse » Version: 3.78.1

cpe:2.3:a:finto:langfuse:3.78.1
Finto » Langfuse » Version: 3.78.2

cpe:2.3:a:finto:langfuse:3.78.2
Finto » Langfuse » Version: 3.79.0

cpe:2.3:a:finto:langfuse:3.79.0
Finto » Langfuse » Version: 3.79.1

cpe:2.3:a:finto:langfuse:3.79.1
Finto » Langfuse » Version: 3.8.0

cpe:2.3:a:finto:langfuse:3.8.0
Finto » Langfuse » Version: 3.80.0

cpe:2.3:a:finto:langfuse:3.80.0
Finto » Langfuse » Version: 3.80.1

cpe:2.3:a:finto:langfuse:3.80.1
Finto » Langfuse » Version: 3.81.0

cpe:2.3:a:finto:langfuse:3.81.0
Finto » Langfuse » Version: 3.81.1

cpe:2.3:a:finto:langfuse:3.81.1
Finto » Langfuse » Version: 3.82.0

cpe:2.3:a:finto:langfuse:3.82.0
Finto » Langfuse » Version: 3.83.0

cpe:2.3:a:finto:langfuse:3.83.0
Finto » Langfuse » Version: 3.84.0

cpe:2.3:a:finto:langfuse:3.84.0
Finto » Langfuse » Version: 3.85.0

cpe:2.3:a:finto:langfuse:3.85.0
Finto » Langfuse » Version: 3.85.1

cpe:2.3:a:finto:langfuse:3.85.1
Finto » Langfuse » Version: 3.85.2

cpe:2.3:a:finto:langfuse:3.85.2
Finto » Langfuse » Version: 3.86.0

cpe:2.3:a:finto:langfuse:3.86.0
Finto » Langfuse » Version: 3.86.1

cpe:2.3:a:finto:langfuse:3.86.1
Finto » Langfuse » Version: 3.87.0

cpe:2.3:a:finto:langfuse:3.87.0
Finto » Langfuse » Version: 3.87.1

cpe:2.3:a:finto:langfuse:3.87.1
Finto » Langfuse » Version: 3.88.0

cpe:2.3:a:finto:langfuse:3.88.0
Finto » Langfuse » Version: 3.88.1

cpe:2.3:a:finto:langfuse:3.88.1
Finto » Langfuse » Version: 3.89.0

cpe:2.3:a:finto:langfuse:3.89.0
Finto » Langfuse » Version: 3.9.0

cpe:2.3:a:finto:langfuse:3.9.0
Finto » Langfuse » Version: 3.90.0

cpe:2.3:a:finto:langfuse:3.90.0
Finto » Langfuse » Version: 3.91.0

cpe:2.3:a:finto:langfuse:3.91.0
Finto » Langfuse » Version: 3.92.0

cpe:2.3:a:finto:langfuse:3.92.0
Finto » Langfuse » Version: 3.92.1

cpe:2.3:a:finto:langfuse:3.92.1
Finto » Langfuse » Version: 3.93.0

cpe:2.3:a:finto:langfuse:3.93.0
Finto » Langfuse » Version: 3.94.0

cpe:2.3:a:finto:langfuse:3.94.0
Finto » Langfuse » Version: 3.95.0

cpe:2.3:a:finto:langfuse:3.95.0
Finto » Langfuse » Version: 3.95.1

cpe:2.3:a:finto:langfuse:3.95.1
Finto » Langfuse » Version: 3.95.2

cpe:2.3:a:finto:langfuse:3.95.2
Finto » Langfuse » Version: 3.96.0

cpe:2.3:a:finto:langfuse:3.96.0
Finto » Langfuse » Version: 3.96.1

cpe:2.3:a:finto:langfuse:3.96.1
Finto » Langfuse » Version: 3.96.2

cpe:2.3:a:finto:langfuse:3.96.2
Finto » Langfuse » Version: 3.97.0

cpe:2.3:a:finto:langfuse:3.97.0
Finto » Langfuse » Version: 3.97.1

cpe:2.3:a:finto:langfuse:3.97.1
Finto » Langfuse » Version: 3.97.2

cpe:2.3:a:finto:langfuse:3.97.2
Finto » Langfuse » Version: 3.97.3

cpe:2.3:a:finto:langfuse:3.97.3
Finto » Langfuse » Version: 3.97.4

cpe:2.3:a:finto:langfuse:3.97.4
Finto » Langfuse » Version: 3.97.5

cpe:2.3:a:finto:langfuse:3.97.5
Finto » Langfuse » Version: 3.98.0

cpe:2.3:a:finto:langfuse:3.98.0
Finto » Langfuse » Version: 3.98.1

cpe:2.3:a:finto:langfuse:3.98.1
Finto » Langfuse » Version: 3.98.2

cpe:2.3:a:finto:langfuse:3.98.2
Finto » Langfuse » Version: 3.99.0

cpe:2.3:a:finto:langfuse:3.99.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-59305

Products

Pricing

Contact Us