Main Vulnerability Database Exploits ID:12502 - Exploit for Path traversal in RAG API - CVE-2025-68414

ID:12502 - Exploit for Path traversal in RAG API - CVE-2025-68414

Published: March 17, 2026

Vulnerability identifier: #VU124046

Vulnerability risk: Medium

CVE-ID: CVE-2025-68414

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
RAG API

Link to public exploit:

https://github.com/Marshall-Hallenbeck/CVE_2025_68413-4

Vulnerability description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in /embed-local, /embed, and /embed-upload endpoints. A remote user can send a specially crafted HTTP request and delete arbitrary files on the system.

Remediation

Install updates from vendor's website.

ID:12502 - Exploit for Path traversal in RAG API - CVE-2025-68414

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human