CVE-2025-69286: CWE-340: Generation of Predictable Numbers or Identifiers in infiniflow ragflow
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner's account. Version 0.22.0 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-69286 is classified under CWE-340 (Generation of Predictable Numbers or Identifiers) and affects infiniflow RAGFlow, an open-source Retrieval-Augmented Generation engine. Prior to version 0.22.0, RAGFlow generates personal API keys and beta tokens (the credential embedded in an assistant/agent share URL) with the same `URLSafeTimedSerializer` over predictable inputs. A serializer of this kind signs its payload but does not encrypt it and adds no per-token entropy: the payload and timestamp are readable by anyone holding the token, and the output is a deterministic function of the signing secret and the inputs, so all of the token's unpredictability comes from the secret rather than from the token itself. Because both token kinds come from the same serializer over the same predictable inputs, the advisory states they are mutually derivable: whoever obtains a shared assistant/agent URL can reconstruct the owner's personal API key. That key grants full control of the owner's account, so confidentiality, integrity and availability of everything the account holds are lost. The only precondition is possession of a share URL; no account on the target instance and no interaction from the victim is needed, and the attack is carried out remotely through the normal API. The entry carries a CVSS 4.0 score of 8.9. The flaw is a predictable-token-generation problem, not a weakness in the signing primitive: a bearer secret should come from a cryptographically secure random source, not from a signed encoding of known values. Version 0.22.0 fixes the issue; the advisory does not detail the changed algorithm. No public exploit has been reported, but the outcome of a successful attack is complete account takeover.
Potential Impact
For European organizations running RAGFlow, particularly where it backs customer-facing assistants or internal automation, the risk is direct: an attacker who obtains a shared assistant/agent URL can reconstruct the owner's API key and act as that account, reading indexed documents, altering knowledge bases, prompts and agent configurations, or disrupting the service. Share URLs are meant to be handed to a wider audience than API keys, so the exposure scales with how widely links have been distributed, including to former staff, contractors or public channels. Exposure of documents processed by the RAG pipeline can amount to a personal-data breach under GDPR, with the notification duties that follow. If the account also stores credentials for LLM providers, storage or other integrations, the attacker can pivot from the account to those systems, so the blast radius is wider than the RAGFlow instance itself. The severity warrants treating remediation as urgent.
Mitigation Recommendations
1. Upgrade every RAGFlow deployment to version 0.22.0 or later; this is the only fix for the generation algorithm itself.
2. Treat every API key and share (beta) token issued before the upgrade as exposed: any share URL that was ever distributed may have revealed the owner's API key. Revoke and regenerate them all after upgrading. The advisory does not state whether existing tokens are rotated on upgrade, so do not assume they are.
3. Restrict who may create and distribute share URLs, and keep the set of outstanding shares auditable so they can be revoked individually.
4. Derivation happens offline and leaves no trace in RAGFlow, so monitor for its consequences instead: API-key use from unfamiliar source addresses or clients, API activity on accounts whose owners only use the web UI, and bulk document reads or configuration changes shortly after a share link was issued.
5. Apply least privilege and network segmentation around the RAGFlow instance so that a compromised account cannot reach data sources, model credentials or other internal services beyond what it needs.
6. Where possible, put an authenticating layer in front of RAGFlow (reverse proxy with SSO, IP allow-listing for the API) so that a derived key alone is not sufficient to reach the service.
7. Make it a code-review rule that bearer secrets are drawn from a cryptographically secure random source and stored hashed, and that signing serializers are used only to authenticate readable data, never as a source of secrets.
8. Keep cryptographic libraries and dependencies current so that the random number generators and serializers in use are the maintained, secure versions.
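The mechanism described in the technical summary and the token audit in mitigation step 2, as an added Python example that is not RAGFlow's code: it models a `URLSafeTimedSerializer`-style token (payload.timestamp.signature, with HMAC-SHA256 standing in for the library's default signer) to show that such a token is readable without the secret and is a deterministic function of its inputs, then shows the hardened issuance a practitioner would want (an independent CSPRNG secret per token kind, stored only as a hash, compared in constant time) and an audit helper that flags serializer-shaped tokens during a rotation sweep. The function names, the `rf-api-`/`rf-share-` prefixes, the server secret and the tenant id are assumptions for illustration; the exact inputs RAGFlow fed to its serializer are not described on this page.

```python
import base64
import hashlib
import hmac
import json
import secrets


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# ---- Weak pattern: one signing serializer reused for every token kind -------
# Simplified model of a URLSafeTimedSerializer-style token (illustration only,
# not RAGFlow's code; HMAC-SHA256 stands in for the library's default signer):
#   base64url(JSON payload) "." base64url(timestamp) "." base64url(HMAC(secret, payload.timestamp))
def weak_dumps(secret: bytes, payload, issued_at: int) -> str:
    ts = issued_at.to_bytes(8, "big").lstrip(b"\x00") or b"\x00"
    body = _b64(json.dumps(payload, separators=(",", ":")).encode()) + "." + _b64(ts)
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def peek(token: str):
    """Read payload and timestamp WITHOUT the secret: the token is signed, not encrypted."""
    payload_b64, ts_b64, _sig = token.split(".")
    return json.loads(_unb64(payload_b64)), int.from_bytes(_unb64(ts_b64), "big")


def weak_issue_pair(secret: bytes, tenant_id: str, issued_at: int):
    """Weak issuer (assumed model): API key and share token come from the same
    serializer over the same predictable inputs. Nothing in the output is
    random, so whatever determines one token determines the other."""
    api_key = weak_dumps(secret, tenant_id, issued_at)
    share_token = weak_dumps(secret, tenant_id, issued_at)
    return api_key, share_token


# ---- Hardened pattern: independent random secrets, stored only as hashes ----
def issue_secret(prefix: str) -> str:
    """Fresh bearer secret: 256 bits from the OS CSPRNG, unrelated to any other token."""
    return prefix + secrets.token_urlsafe(32)


def fingerprint(token: str) -> str:
    """What the server stores; the token itself is shown to the user once and never kept."""
    return hashlib.sha256(token.encode()).hexdigest()


def strong_issue_pair(tenant_id: str):
    api_key = issue_secret("rf-api-")        # hypothetical prefix
    share_token = issue_secret("rf-share-")  # hypothetical prefix
    store = {
        fingerprint(api_key): {"tenant": tenant_id, "kind": "api"},
        fingerprint(share_token): {"tenant": tenant_id, "kind": "share"},
    }
    return api_key, share_token, store


def lookup(store: dict, presented: str):
    """Constant-time match against stored fingerprints; returns the record or None."""
    fp = fingerprint(presented)
    for stored_fp, record in store.items():
        if hmac.compare_digest(stored_fp, fp):
            return record
    return None


# ---- Audit helper for the rotation sweep in mitigation step 2 ---------------
def looks_serializer_derived(token: str) -> bool:
    """True when a token has the payload.timestamp.signature shape with a
    decodable JSON payload, i.e. it is a signed encoding rather than opaque
    random bytes and should be rotated."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        json.loads(_unb64(parts[0]))
        int.from_bytes(_unb64(parts[1]), "big")
        return True
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all subclass ValueError
        return False


if __name__ == "__main__":
    key, share = weak_issue_pair(b"server-secret", "tenant-42", 1700000000)
    print("weak: share token readable without secret ->", peek(share))
    print("weak: share token equals api key ->", key == share)
    api_key, share_token, store = strong_issue_pair("tenant-42")
    print("strong: share token reveals api key ->", api_key in share_token)
    print("strong: serializer-shaped? api", looks_serializer_derived(api_key),
          "share", looks_serializer_derived(share_token))
```

The weak issuer is the degenerate case that makes the point: a signing serializer contributes no entropy of its own, so when its inputs are predictable the resulting tokens are predictable too, and reusing one serializer for two credential kinds ties them together. The hardened issuer gives each credential its own 256 random bits and stores only hashes, so a leaked share link says nothing about the API key and a database read does not yield usable bearer tokens. The audit helper is a cheap first pass over exported tokens; anything it flags is a serializer-derived value and belongs in the revocation list regardless of its age.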
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-31T16:36:25.943Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69559c9ddb813ff03e037d1c
Added to database: 12/31/2025, 9:58:53 PM
Last enriched: 1/7/2026, 11:41:41 PM
Last updated: 1/8/2026, 7:22:41 AM