Description

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.

INFO

Published Date :

2025-03-07T15:36:48.366Z

Last Modified :

2025-03-07T21:49:40.505Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27518 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27518.

URL Resource
https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15 cve-icon cve-icon
https://github.com/truefoundry/cognita/pull/424 cve-icon cve-icon
https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability