CVE-2025-45691 identifies an Arbitrary File Read vulnerability in the ImageTextPromptValue class of Exploding Gradients RAGAS software versions 0.2.3 to 0.2.14. The vulnerability originates from inadequate validation and sanitization of URLs passed via the retrieved_contexts parameter, which is used to handle multimodal inputs combining image and text data. This flaw allows an attacker to craft malicious URLs that, when processed by the vulnerable class, can cause the application to read arbitrary files from the underlying file system. Such unauthorized file reads can lead to exposure of sensitive configuration files, credentials, or other critical data. The vulnerability does not require authentication, increasing its risk profile, and may be exploited remotely if the application processes user-supplied multimodal inputs without proper filtering. No CVSS score has been assigned yet, and no patches or known exploits are currently documented. The lack of proper input sanitization suggests a design oversight in handling external resource references within the multimodal input processing pipeline. This vulnerability highlights the risks inherent in complex AI systems that integrate multiple data modalities without robust security controls.

The primary impact of CVE-2025-45691 is unauthorized disclosure of sensitive information through arbitrary file reads. Attackers exploiting this vulnerability can access configuration files, credentials, or proprietary data stored on the affected system, potentially leading to further compromise or data breaches. For organizations relying on Exploding Gradients RAGAS in AI-driven applications, this could undermine confidentiality and trust in their systems. The vulnerability does not directly affect system integrity or availability but can serve as a stepping stone for more advanced attacks. Because it requires no authentication, any exposed interface processing multimodal inputs is at risk, increasing the attack surface. The absence of known exploits currently limits immediate widespread impact, but the vulnerability’s presence in AI frameworks used globally means that organizations in sectors such as technology, research, finance, and government could face significant risks if exploited. The potential exposure of sensitive AI model data or training inputs could also have intellectual property implications.

To mitigate CVE-2025-45691, organizations should implement strict validation and sanitization of all URL inputs supplied to the retrieved_contexts parameter in Exploding Gradients RAGAS. This includes enforcing allowlists for URL schemes and domains, rejecting or sanitizing any suspicious or unexpected URL formats. Deploy runtime monitoring to detect anomalous file access patterns indicative of exploitation attempts. Where possible, run the application with least privilege to limit file system access rights, preventing unauthorized reads beyond necessary directories. Until an official patch is released, consider isolating or disabling multimodal input features that accept external URLs. Conduct thorough code reviews and security testing focused on input handling in multimodal processing components. Additionally, maintain up-to-date inventories of affected software versions and prepare for rapid patch deployment once fixes become available. Educate developers and operators about the risks of improper input validation in AI frameworks to prevent similar vulnerabilities.