Cybersecurity Vulnerabilities

CVE-2025-65107: Critical Account Takeover Vulnerability Patched in Langfuse

November 22, 2025 - By 

Overview

CVE-2025-65107 describes a medium severity security vulnerability affecting Langfuse, an open-source large language model (LLM) engineering platform. This vulnerability, if exploited, could allow for unauthorized account takeover under specific configurations. The vulnerability exists in versions 2.95.0 to before 2.95.12 and 3.17.0 to before 3.131.0. A successful attack requires an authenticated user to be tricked into clicking a specially crafted URL. Patches are available in versions 2.95.12 and 3.131.0.

Technical Details

The vulnerability stems from insecure SSO provider configurations. Specifically, when an explicit AUTH_<PROVIDER>_CHECK setting is not defined, the system is susceptible to Cross-Site Request Forgery (CSRF) or phishing attacks. An attacker could craft a malicious URL that, when visited by an authenticated Langfuse user, could potentially lead to account compromise. The absence of the AUTH_<PROVIDER>_CHECK parameter means there is insufficient validation of the origin of the request, making the system vulnerable.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-65107 is 6.5, which is categorized as MEDIUM severity. This score reflects the potential impact of a successful account takeover, balanced against the need for user interaction (clicking a malicious link).

Possible Impact

A successful exploitation of this vulnerability could have serious consequences, including:

  • Account Takeover: An attacker could gain complete control over a Langfuse user’s account.
  • Data Breach: Sensitive data associated with the compromised account could be exposed or stolen.
  • Malicious Activity: An attacker could use the compromised account to perform unauthorized actions within the Langfuse platform, potentially affecting LLM models or data pipelines.
  • Reputational Damage: If exploited, the security incident could negatively impact the reputation of organizations using vulnerable Langfuse versions.

Mitigation and Patch Steps

The recommended mitigation steps are as follows:

  1. Upgrade Langfuse: Upgrade to version 2.95.12 or 3.131.0 (or later) immediately. These versions contain the necessary patches to address the vulnerability.
  2. Workaround (if immediate upgrade is not possible): Explicitly set the AUTH_<PROVIDER>_CHECK configuration setting for your SSO provider. Consult the Langfuse documentation for specific details on how to configure this setting.
  3. User Awareness: Educate users about the risks of phishing attacks and the importance of verifying the authenticity of links before clicking them.

References

GitHub Security Advisory: GHSA-w9pw-c549-5m6w

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *