Description

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.

INFO

Published Date :

2025-09-24T00:00:00.000Z

Last Modified :

2025-09-25T16:29:09.850Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59305 vulnerability.

Vendors Products
Langfuse
  • Langfuse
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59305.

URL Resource
https://depthfirst.com/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact