CVE-2025-9799

5.0 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Langfuse's webhook handler, in the promptChangeEventSourcing function. An attacker who can influence the webhook destination can make the Langfuse server issue requests to internal systems that the server, but not the attacker, can reach. Langfuse versions up to and including 3.88.0 are affected; 3.89.0 contains the fix.

💻 Affected Systems

Products:
  • Langfuse
Versions: Up to and including 3.88.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires the webhook functionality to be enabled and reachable by the attacker; the affected code is the promptChangeEventSourcing function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reach internal services that are only accessible from the Langfuse server (cloud metadata endpoints, databases, admin interfaces), exfiltrate sensitive data, or use the server as a pivot into the rest of the network.

🟠 Likely Case

Limited data exposure from internal services the Langfuse server can reach, potentially including metadata or configuration information.

🟢 If Mitigated

With network segmentation and egress filtering in place, the impact is limited to the destinations the egress policy still permits the Langfuse server to contact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No (authenticated access required)
Complexity: MEDIUM

Exploit details are publicly available but require specific conditions and knowledge of the target environment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.89.0 or later

Vendor Advisory: https://github.com/langfuse/langfuse/issues/8522

Restart Required: No

Instructions:

1. Update Langfuse to version 3.89.0 or later.
2. Verify the update completed successfully and the running version reports 3.89.0 or higher.
3. Test webhook functionality.

🔧 Temporary Workarounds

Restrict Webhook Access (applies to: all)

Limit access to the webhook functionality, and to the endpoint used to configure webhook destinations, with network controls or authentication so that untrusted users cannot supply a target URL.

Implement Egress Filtering (applies to: all)

Restrict outbound connections from the Langfuse server to only the destinations webhooks legitimately need; in particular, block loopback, link-local (including the cloud metadata address 169.254.169.254) and RFC 1918 ranges.

🧯 If You Can't Patch

  • Isolate the Langfuse server in a restricted network segment with limited outbound access.
  • Validate webhook destination URLs before they are used: allow only http(s), reject IP literals and hostnames that point at loopback, link-local or private ranges, and re-check the resolved address at connection time, since a public hostname can resolve to an internal IP.

🔍 How to Verify

Check if Vulnerable:

Check the Langfuse version: if the running version is 3.88.0 or earlier, the installation is vulnerable.

Check Version:

Check Langfuse dashboard or deployment configuration for version number.

Verify Fix Applied:

Confirm Langfuse version is 3.89.0 or higher and test webhook functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the Langfuse server to internal IPs
  • Webhook configurations or deliveries whose destination URL points at loopback, link-local or private addresses

Network Indicators:

  • HTTP requests from Langfuse server to unexpected internal destinations
  • Patterns of requests to metadata services (169.254.169.254, etc.)

SIEM Query:

source="langfuse" AND (dest_ip IN internal_range OR dest_ip=169.254.169.254)

(Pseudo-query: replace internal_range with your loopback, link-local and RFC 1918 lookup and adapt the syntax to your SIEM.)
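As an added example (not Langfuse's code, and not taken from the vendor advisory), the following TypeScript implements both the URL sanitization the "If You Can't Patch" section calls for and the detection rule above: checkWebhookUrl rejects destinations an attacker could use to reach loopback, link-local (including 169.254.169.254) or private address space, and flagInternalEgress applies the same address classifier to egress log lines. The function names, the log format and every hostname and address are assumptions constructed for this example.

```typescript
// Added example, not Langfuse project code: an SSRF destination guard for
// outbound webhook URLs, plus the same classifier run over egress log lines.
// Log format, hostnames and addresses below are constructed for illustration.

// Ranges the Langfuse server should never be asked to call.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8],      // "this" network
  ["10.0.0.0", 8],     // RFC 1918
  ["100.64.0.0", 10],  // shared address space (CGNAT)
  ["127.0.0.0", 8],    // loopback
  ["169.254.0.0", 16], // link-local, includes cloud metadata 169.254.169.254
  ["172.16.0.0", 12],  // RFC 1918
  ["192.168.0.0", 16], // RFC 1918
  ["224.0.0.0", 4],    // multicast
  ["240.0.0.0", 4],    // reserved and broadcast
];

function parseIPv4(s: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inBlockedV4(ip: number): boolean {
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((parseIPv4(base)! & mask) >>> 0);
  });
}

// True for loopback, link-local, private, multicast and "localhost" names.
// Accepts bare IPs, bracketed IPv6 literals as URL.hostname returns them, and
// IPv4-mapped IPv6 in dotted (::ffff:10.0.0.1) or hex (::ffff:a00:1) form.
export function isInternalAddress(host: string): boolean {
  let h = host.toLowerCase();
  if (h.startsWith("[") && h.endsWith("]")) h = h.slice(1, -1);
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(h);
  if (dotted) h = dotted[1];
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
  if (hex) return inBlockedV4(((parseInt(hex[1], 16) << 16) | parseInt(hex[2], 16)) >>> 0);
  const v4 = parseIPv4(h);
  if (v4 !== null) return inBlockedV4(v4);
  if (h.includes(":")) {
    // IPv6 literal: unspecified, loopback, link-local fe80::/10, unique-local fc00::/7
    return h === "::" || h === "::1" || /^fe[89ab]/.test(h) || /^f[cd]/.test(h);
  }
  return h === "localhost" || h.endsWith(".localhost");
}

export type UrlVerdict = { ok: boolean; reason: string };

// Validate a webhook destination before dispatching to it. Checking the parsed
// URL.hostname means WHATWG canonicalisation has already turned shorthand IPv4
// forms (2130706433, 0x7f000001, 127.1) into dotted form, so the literal check
// cannot be bypassed by encoding tricks.
export function checkWebhookUrl(raw: string): UrlVerdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials embedded in URL" };
  }
  if (isInternalAddress(url.hostname)) {
    return { ok: false, reason: `destination ${url.hostname} is internal` };
  }
  // Still needed at dispatch time (not shown, needs DNS): resolve url.hostname,
  // run isInternalAddress on every returned address, and connect to that pinned
  // address so a later DNS answer cannot swap in an internal IP.
  return { ok: true, reason: "allowed" };
}

// Constructed egress log lines standing in for proxy or firewall output from
// the Langfuse host (made-up format and addresses).
export const SAMPLE_EGRESS: string[] = [
  "2025-09-01T10:00:00Z src=langfuse-web dst=203.0.113.10 dport=443 sni=hooks.example.com",
  "2025-09-01T10:00:02Z src=langfuse-web dst=169.254.169.254 dport=80 sni=-",
  "2025-09-01T10:00:03Z src=langfuse-web dst=10.20.0.7 dport=6379 sni=-",
  "2025-09-01T10:00:05Z src=langfuse-web dst=198.51.100.4 dport=443 sni=api.partner.example",
  "2025-09-01T10:00:06Z src=langfuse-web dst=[::ffff:7f00:1] dport=3000 sni=-",
];

// The SIEM rule as code: keep every line whose destination is an internal range.
export function flagInternalEgress(lines: string[]): string[] {
  return lines.filter((line) => {
    const m = /\bdst=(\S+)/.exec(line);
    return m !== null && isInternalAddress(m[1]);
  });
}
```

Checking the parsed hostname is only half of an SSRF guard: a public hostname can resolve to an internal address, so the dispatcher must also resolve the name, classify every returned address, and connect to the address it checked. An egress proxy or firewall allowlist, as the workaround above suggests, enforces the same policy outside the application and is what produces the log lines the detection rule consumes.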
