{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:21:55.122","vulnerabilities":[{"cve":{"id":"CVE-2025-48187","sourceIdentifier":"cve@mitre.org","published":"2025-05-17T13:15:47.750","lastModified":"2025-06-12T16:29:12.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting."},{"lang":"es","value":"RAGFlow, hasta la versión 0.18.1, permite el robo de cuentas, ya que es posible realizar ataques de fuerza bruta contra códigos de verificación de correo electrónico para realizar registros, inicios de sesión y restablecimientos de contraseña arbitrarios. Los códigos tienen seis dígitos y no tienen límite de velocidad."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*","versionEndIncluding":"0.18.1","matchCriteriaId":"0DBC5B6A-6597-43FA-8B39-591F0DF844D2"}]}]}],"references":[{"url":"https://github.com/infiniflow/ragflow/commits/main/","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://www.cnblogs.com/qiushuo/p/18881084","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.cnblogs.com/qiushuo/p/18881084","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}