CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Infiniflow: >> Ragflow >> 0.16.0 Security Vulnerabilities

CVE-2025-48187

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

CVSS Score

9.1

EPSS Score

0.001

Published

2025-05-17

Page 1

Vulnerabilities

Vulnerable Software

Infiniflow: >> Ragflow >> 0.16.0 Security Vulnerabilities

Products

Pricing

Contact Us