CVE-2025-45691: n/a
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
AI Analysis
Technical Summary
CVE-2025-45691 is a high-severity Arbitrary File Read vulnerability identified in the ImageTextPromptValue class within Exploding Gradients RAGAS versions 0.2.3 through 0.2.14. The root cause is insufficient validation and sanitization of URLs supplied via the retrieved_contexts parameter, which is used when handling multimodal inputs. This improper input handling allows an attacker to craft malicious URLs that exploit path traversal techniques (CWE-22) to access arbitrary files on the host system. Since the vulnerability can be exploited remotely without authentication or user interaction, it poses a significant risk of unauthorized data disclosure. The vulnerability affects the confidentiality of the system by potentially exposing sensitive files, such as configuration files, credentials, or proprietary data, while not impacting system integrity or availability. The CVSS 3.1 base score of 7.5 reflects the ease of exploitation (low attack complexity), no privileges required, and no user interaction needed. Although no public exploits have been reported, the vulnerability's nature and severity suggest it could be targeted by attackers focusing on AI and machine learning infrastructure. The lack of official patches at the time of reporting increases the urgency for organizations to implement mitigations or upgrade once fixes become available.
Potential Impact
The primary impact of CVE-2025-45691 is unauthorized disclosure of sensitive information due to arbitrary file read capabilities. Attackers can remotely access files that may contain credentials, proprietary algorithms, or configuration data, leading to potential further compromise or intellectual property theft. Organizations relying on Exploding Gradients RAGAS for AI or multimodal data processing may face data breaches, loss of competitive advantage, and regulatory compliance issues related to data protection. Since the vulnerability does not affect integrity or availability, direct system disruption or data manipulation is less likely. However, the exposure of sensitive files can facilitate secondary attacks, including privilege escalation or lateral movement within networks. The ease of exploitation and lack of authentication requirements increase the risk of widespread exploitation if the vulnerability becomes publicly known or weaponized. This threat is particularly critical for organizations handling sensitive AI model data or operating in regulated industries such as finance, healthcare, and government sectors.
Mitigation Recommendations
1. Immediate mitigation involves restricting network access to the Exploding Gradients RAGAS service to trusted users and internal networks only, reducing exposure to remote attackers.
2. Implement input validation and sanitization at the application layer to enforce strict URL and path constraints on the retrieved_contexts parameter, preventing path traversal characters or sequences.
3. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious URL patterns indicative of path traversal attempts.
4. Monitor logs for unusual file access patterns or errors related to file retrieval functions to detect potential exploitation attempts early.
5. Once available, promptly apply official patches or updates from Exploding Gradients to remediate the vulnerability.
6. Conduct a thorough security review of all multimodal input handling components to identify and remediate similar input validation weaknesses.
7. Educate development teams on secure coding practices related to file path handling and input sanitization to prevent recurrence.
8. Consider deploying runtime application self-protection (RASP) tools to detect and block exploitation attempts in real time.
9. Limit file system permissions of the application process to minimize accessible files in case of exploitation.
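One way to apply the input-validation recommendation in the calling application, before any retrieved_contexts value reaches the library. This is an added example, not RAGAS code and not an official fix; `ALLOWED_HOSTS`, `check_context` and `screen_retrieved_contexts` are hypothetical names, and the rule for what counts as a resource reference is an assumption.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, unquote

# Assumption: the only hosts this deployment trusts for image contexts.
ALLOWED_HOSTS = {"images.example.com"}

# Assumption: an entry is a resource reference (not plain text) if it starts
# with a URL scheme, "file:", a relative/absolute path, or a drive letter.
_REF = re.compile(r"\s*(?:[a-z][a-z0-9+.\-]*:[/\\]|file:|[~.]{0,2}[/\\]|[a-z]:[/\\])", re.I)

def check_context(item: str) -> Optional[str]:
    """Return None if the entry is acceptable, else the rejection reason."""
    if not _REF.match(item):
        return None  # plain text context, nothing to fetch or open
    try:
        parts = urlsplit(item.strip())
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() != "https":
        return "scheme not https"  # blocks file://, http:// and bare paths
    if parts.username or parts.password:
        return "userinfo in URL"
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        return "host not allowlisted"
    # Decode twice so %2e%2e and %252e%252e are both seen as "..".
    path = unquote(unquote(parts.path))
    if ".." in path.split("/") or "\\" in path or "\x00" in path:
        return "path traversal sequence"
    return None

def screen_retrieved_contexts(contexts):
    """Split entries into (accepted, rejected) where rejected holds (item, reason)."""
    accepted, rejected = [], []
    for item in contexts:
        reason = check_context(item)
        if reason is None:
            accepted.append(item)
        else:
            rejected.append((item, reason))
    return accepted, rejected

# Constructed sample input, not taken from any real report.
SAMPLE = [
    "The Eiffel Tower is in Paris.",
    "https://images.example.com/cats/1.png",
    "file:///etc/passwd",
    "../../etc/passwd",
    "https://images.example.com/a/%252e%252e/secret.png",
    "https://untrusted.example.net/x.png",
]
```

Logging the rejected entries and their reasons also supports the monitoring recommendation, since repeated rejections from one data source are a useful signal.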
Affected Countries
United States, China, Germany, United Kingdom, Canada, France, Japan, South Korea, India, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69a9c994460e1c85df139319
Added to database: 3/5/2026, 6:21:08 PM
Last enriched: 3/12/2026, 8:41:44 PM
Last updated: 4/20/2026, 3:30:00 AM