CVE-2025-68700 | infiniflow ragflow up to 0.22.x Frontend Canvas CodeExec eval os command injection

Inserito da Angelo Barbosa | Dic 31, 2025 | CVE

A vulnerability classified as critical has been found in infiniflow ragflow up to 0.22.x. This affects the function eval of the component Frontend Canvas CodeExec Component. Performing manipulation results in os command injection.

This vulnerability was named CVE-2025-68700. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2025-68700 | infiniflow ragflow up to 0.22.x Frontend Canvas CodeExec eval os command injection

Post correlati

CVE-2025-23818 | Peggy Kuo More Link Modifier Plugin up to 1.0.3 on WordPress cross-site request forgery

CVE-2024-35743 | Siteclean SC Filechecker Plugin up to 0.6 on WordPress path traversal

CVE-2024-54543 | Apple macOS Web memory corruption

CVE-2024-10654 | TOTOLINK LR350 up to 9.3.5u.6369 /formLoginAuth.htm authCode authorization