CVE-2025-68700
📋 TL;DR
CVE-2025-68700 is a critical remote code execution vulnerability in RAGFlow: an authenticated low-privilege user can execute arbitrary system commands on the server. The cause is an eval() call on untrusted data in the Canvas CodeExec component, which defeats the component's sandbox isolation. All RAGFlow versions before 0.23.0 are affected.
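The pattern the advisory describes, as an added illustration that is not RAGFlow's code: evaluate_unsafe() hands an attacker-controlled string to eval(), which is the shape of the bug; evaluate_safe() is one hardened replacement that parses the expression and evaluates only a whitelisted subset of the AST. The function names, the whitelist and the sample expressions are assumptions made for this example.

```python
import ast
import operator

# Added illustration, not code from RAGFlow. evaluate_unsafe() has the shape of the
# bug the advisory describes: an attacker-controlled string reaches eval().
# evaluate_safe() is one hardened replacement: a whitelist over the parsed AST.


def evaluate_unsafe(expr: str, variables: dict) -> object:
    """Vulnerable pattern. Python injects the real builtins when the globals
    dict has no '__builtins__' key, so __import__('os') is reachable. Even an
    empty '__builtins__' is not a sandbox: object.__subclasses__() chains can
    recover os and subprocess. Filtering the string is not a fix either."""
    return eval(expr, {}, dict(variables))


class UnsafeExpression(ValueError):
    """Raised before anything executes when the expression leaves the whitelist."""


_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod,
}
_CMP_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
    ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
}


def evaluate_safe(expr: str, variables: dict) -> object:
    """Hardened: parse first, then walk the tree allowing only literals, known
    variable names, arithmetic, comparisons and boolean operators. Calls,
    attribute access, subscripts, lambdas, imports and dunder names are
    rejected, so there is no way to reach os, subprocess or builtins."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc.msg}") from None
    return _eval_node(tree.body, variables)


def _eval_node(node: ast.AST, variables: dict) -> object:
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        if node.id.startswith("__") or node.id not in variables:
            raise UnsafeExpression(f"unknown name {node.id!r}")
        return variables[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left, variables),
                                       _eval_node(node.right, variables))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.Not)):
        value = _eval_node(node.operand, variables)
        return -value if isinstance(node.op, ast.USub) else (not value)
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and type(node.ops[0]) in _CMP_OPS):
        return _CMP_OPS[type(node.ops[0])](_eval_node(node.left, variables),
                                           _eval_node(node.comparators[0], variables))
    if isinstance(node, ast.BoolOp):
        values = [_eval_node(v, variables) for v in node.values]
        return all(values) if isinstance(node.op, ast.And) else any(values)
    # Call, Attribute, Subscript, Lambda, comprehensions, f-strings: all refused.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


if __name__ == "__main__":
    print(evaluate_safe("score * 100 > threshold", {"score": 0.9, "threshold": 50}))
    try:
        evaluate_safe("__import__('os').system('id')", {})
    except UnsafeExpression as exc:
        print("rejected:", exc)
```

The important design point is that the safe version never calls eval() or exec() on the input at all; the grammar is fixed in code, so a payload that is not in the grammar fails at parse or walk time rather than at execution time.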
💻 Affected Systems
- RAGFlow
📦 What is this software?
Ragflow by Infiniflow
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, lateral movement, ransomware deployment, or persistent backdoor installation.
Likely Case
An attacker holding any valid low-privilege account takes control of the RAGFlow server, reads the data and service credentials it holds, and uses the host as a pivot into other systems on the network.
If Mitigated
Network segmentation and strict access controls limit the blast radius but do not remove the flaw: any account that can still reach the Canvas CodeExec component can still obtain code execution.
🎯 Exploit Status
Exploitation requires a valid account but no elevated privilege: once an attacker holds any credentials (including a self-registered account, where registration is open), abuse is straightforward because the component passes attacker-supplied input to eval(). The flaw sits in a core workflow component, so the attack path is well understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.23.0
Vendor Advisory: https://github.com/infiniflow/ragflow/security/advisories/GHSA-8xw3-v6c2-j84j
Restart Required: Yes
Instructions:
1. Back up your RAGFlow configuration and data.
2. Stop the RAGFlow service.
3. Update to version 0.23.0 or later using the deployment method you installed with (for Docker Compose deployments, pull the 0.23.0 or later image and recreate the containers; for a source checkout, check out the release tag).
4. Restart the RAGFlow service.
5. Verify the update was successful (see How to Verify below).
🔧 Temporary Workarounds
Disable Canvas CodeExec Component
Temporarily disable the vulnerable Canvas CodeExec component so that no canvas can invoke it until the patch is applied.
The advisory does not name the configuration parameter; check the RAGFlow documentation for your version. After changing it, confirm that the setting actually blocks execution rather than only hiding the component in the interface.
Restrict User Access
Limit access to trusted administrators until patching is complete.
Disable or lock all non-administrative accounts, turn off self-registration if it is enabled, and invalidate existing sessions. Because exploitation requires authentication, shrinking the set of valid accounts shrinks the attack surface; it does not protect against a compromised or malicious administrator.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate RAGFlow servers from critical systems
- Enable detailed logging and monitoring for suspicious command execution patterns
🔍 How to Verify
Check if Vulnerable:
Any RAGFlow version below 0.23.0 is vulnerable. Separately, review whether the Canvas CodeExec component is enabled and which users can reach it; that determines your exposure, not whether the flaw is present.
Check Version:
The advisory does not give a single version command. Typical places to look are the version shown in the web interface, the tag of the running container image (for Docker deployments, docker compose images or docker image ls), or the git tag of a source checkout; consult the RAGFlow documentation for your deployment type.
Verify Fix Applied:
Confirm the running version is 0.23.0 or higher. If you test the Canvas CodeExec component after patching, do it in a non-production environment with a harmless payload, since a still-vulnerable instance would execute whatever it is given.
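A small version-check helper, added here and not part of RAGFlow or the advisory. Only the fixed version, 0.23.0, comes from the advisory; the tag formats it accepts (a leading "v", container image references such as infiniflow/ragflow:v0.22.1-slim, prerelease suffixes such as -rc1) are assumptions about how deployments label versions, and tags without a version number are reported as needing a manual check rather than guessed.

```python
import re
from typing import Optional, Tuple

# Added helper, not part of RAGFlow or the advisory. Only FIXED_VERSION comes
# from the advisory; the accepted tag formats are assumptions for this example.

FIXED_VERSION = (0, 23, 0)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-.]?([0-9A-Za-z.-]+))?$")
_PRERELEASE_RE = re.compile(r"^(rc|alpha|beta|dev|a|b)\d*", re.IGNORECASE)


def parse_version(tag: str) -> Optional[Tuple[int, int, int, int]]:
    """Map a version string or image tag to (major, minor, patch, rank).

    rank is 0 for a prerelease (0.23.0-rc1 sorts before 0.23.0) and 1 for a
    release, including a release carrying a build-variant suffix such as
    '-slim' (assumed format). Returns None when the tag carries no version
    number ('latest', 'nightly'), which must be resolved by hand."""
    candidate = tag.strip().rsplit(":", 1)[-1]  # drop a 'repo/image:' prefix if present
    match = _VERSION_RE.match(candidate)
    if not match:
        return None
    major, minor, patch, suffix = match.groups()
    rank = 0 if suffix and _PRERELEASE_RE.match(suffix) else 1
    return int(major), int(minor), int(patch), rank


def is_vulnerable(tag: str) -> Optional[bool]:
    """True if below 0.23.0 (prereleases of 0.23.0 count as vulnerable),
    False if at or above the fix, None if the tag cannot be parsed."""
    parsed = parse_version(tag)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION + (1,)


if __name__ == "__main__":
    for tag in ["0.22.1", "v0.23.0", "infiniflow/ragflow:v0.22.1-slim",
                "0.23.0-rc1", "nightly"]:
        print(f"{tag:40} vulnerable={is_vulnerable(tag)}")
```

Treat a None result as "unknown, check manually": a floating tag such as latest or nightly says nothing about which code is actually running, and the conservative choice is to look at the image digest or the version reported by the running instance.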
📡 Detection & Monitoring
Log Indicators:
- Canvas CodeExec invocations whose submitted code contains imports, shell or subprocess calls, or eval/exec
- Multiple failed authentication attempts followed by a successful login and then CodeExec activity from the same account
- Child processes spawned by the RAGFlow process that are not part of its normal operation (shells, network tools, package managers)
Network Indicators:
- Outbound connections from the RAGFlow server to IPs or domains it has no business reaching (it should talk to its own backing stores and configured model endpoints)
- Large or unusually timed outbound transfers from the RAGFlow server
SIEM Query:
Example (illustrative only; the source, field and event names depend on how your log pipeline tags RAGFlow output and must be adapted): 'source="ragflow" AND (event="command_execution" OR event="eval")'
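The first two log indicators above, turned into detection logic as an added example that is not part of the original page or of RAGFlow. RAGFlow's real log format is not given in the advisory, so the sample lines below are constructed in an assumed key=value layout; the parser, the event names (login_failed, login_ok, canvas_codeexec) and the suspicious-token list are assumptions to adapt to your own pipeline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key=value format. RAGFlow's actual log
# format is not documented in the advisory; adapt parse_logs() to your pipeline.
SAMPLE_LOGS = """\
2025-12-01T10:00:01Z user=alice event=login_failed src=10.0.0.5
2025-12-01T10:00:03Z user=alice event=login_failed src=10.0.0.5
2025-12-01T10:00:05Z user=alice event=login_failed src=10.0.0.5
2025-12-01T10:00:09Z user=alice event=login_ok src=10.0.0.5
2025-12-01T10:00:20Z user=alice event=canvas_codeexec code="__import__('os').popen('id').read()"
2025-12-01T10:05:00Z user=bob event=login_ok src=10.0.0.7
2025-12-01T10:06:00Z user=bob event=canvas_codeexec code="round(score * 100, 2)"
"""

# Tokens that have no place in a data-transformation expression. Assumed list;
# tune it against what your legitimate canvases actually submit.
SUSPICIOUS_CODE = re.compile(
    r"__import__|\bimport\b|\bos\.|subprocess|\beval\(|\bexec\(|__class__|__subclasses__|popen",
    re.IGNORECASE,
)

_LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_logs(text: str) -> list:
    """Parse constructed key=value lines into dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        match = _LINE_RE.match(line) if line else None
        if not match:
            continue
        fields = {"ts": datetime.strptime(match.group("ts"), "%Y-%m-%dT%H:%M:%SZ")}
        for key, raw, quoted in _KV_RE.findall(match.group("kv")):
            fields[key] = quoted if raw.startswith('"') else raw
        events.append(fields)
    return events


def find_suspicious_codeexec(events: list) -> list:
    """Indicator 1: CodeExec invocations whose code carries import/shell/eval tokens."""
    return [e for e in events
            if e.get("event") == "canvas_codeexec" and SUSPICIOUS_CODE.search(e.get("code", ""))]


def find_bruteforce_then_exec(events: list, min_failures: int = 3,
                              window: timedelta = timedelta(minutes=10)) -> list:
    """Indicator 2: a run of failed logins, then a success, then CodeExec use by
    the same account, all inside the window. Returns the flagged user names."""
    state = defaultdict(lambda: {"fails": 0, "first_fail": None, "primed_at": None})
    flagged = []
    for e in sorted(events, key=lambda x: x["ts"]):
        user, kind, s = e.get("user"), e.get("event"), state[e.get("user")]
        if kind == "login_failed":
            if s["fails"] == 0:
                s["first_fail"] = e["ts"]
            s["fails"] += 1
        elif kind == "login_ok":
            if s["fails"] >= min_failures and e["ts"] - s["first_fail"] <= window:
                s["primed_at"] = e["ts"]
            s["fails"], s["first_fail"] = 0, None
        elif kind == "canvas_codeexec" and s["primed_at"] is not None:
            if e["ts"] - s["primed_at"] <= window and user not in flagged:
                flagged.append(user)
    return flagged


def detect(text: str) -> dict:
    """Run both detections over raw log text and return the hits."""
    events = parse_logs(text)
    return {
        "suspicious_codeexec": [(e["user"], e["code"]) for e in find_suspicious_codeexec(events)],
        "bruteforce_then_exec": find_bruteforce_then_exec(events),
    }


if __name__ == "__main__":
    for name, hits in detect(SAMPLE_LOGS).items():
        print(f"{name}: {hits}")
```

The token list catches the obvious payloads but is easy to evade, which is why it is paired with the behavioural sequence check; neither replaces patching, and on a fixed instance the CodeExec component should never produce the process-spawn indicator at all.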