CSRF in Langfuse
CVE-2025-65107
Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTH_<PROVIDER>_CHECK setting, a potentia…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.000 (4.6th percentile)
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Langfuse — versions >= 2.95.0, < 2.95.12, >= 3.17.0, < 3.131.0
Weakness classification (CWE)
References
- https://github.com/langfuse/langfuse/security/advisories/GHSA-w9pw-c549-5m6w (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2025-65107?
  CVE-2025-65107 is a medium-severity vulnerability in Langfuse, classified under Cross-Site Request Forgery (CSRF). CVSS score: 6.5/10. Published 2025-11-21.
- How severe is CVE-2025-65107?
  Medium severity. CVSS v3 base score is 6.5 out of 10.