What is CVE-2025-27135?

CVE-2025-27135 is a vulnerability in Infiniflow Ragflow, classified under SQL Injection. Published 2025-02-25.

Is CVE-2025-27135 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Infiniflow Ragflow

CVE-2025-27135

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. A…

Vulnerability class: SQL Injection

EPSS: 0.004 (62.2th percentile) — read the EPSS interpretation.

Affected products

Infiniflow Ragflow — versions <= 0.15.1

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq (x_refsource_CONFIRM)
https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py (x_refsource_MISC)
https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-27135?: CVE-2025-27135 is a vulnerability in Infiniflow Ragflow, classified under SQL Injection. Published 2025-02-25.
Is CVE-2025-27135 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.