A vulnerability, which was classified as critical, has been found in Langfuse up to 3.88.0. Affected by this vulnerability is the function
promptChangeEventSourcing
of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery.
This vulnerability was named CVE-2025-9799. The attack may be initiated remotely. In addition, an exploit is available.