CVE-2025-59305 Overview
CVE-2025-59305 is an improper authorization vulnerability [CWE-285] in Langfuse 3.1 prior to commit d67b317. The flaw resides in the background migration TRPC endpoints, where authorization checks are missing. Any authenticated user can invoke privileged migration control functions, including backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry. Successful abuse can result in data corruption or denial of service against the Langfuse instance. Langfuse is an open source observability platform widely used for large language model (LLM) applications, which increases the risk surface for multi-tenant deployments.
Critical Impact
Any authenticated Langfuse user can trigger background migration operations, corrupting application data or disrupting service availability.
Affected Products
- Langfuse 3.1 before commit d67b317
- Self-hosted Langfuse deployments using TRPC background migration endpoints
- Multi-tenant Langfuse instances exposed to untrusted authenticated users
Discovery Timeline
- 2025-09-24 - CVE-2025-59305 published to the National Vulnerability Database (NVD)
- 2025-12-02 - Last updated in NVD database
Technical Details for CVE-2025-59305
Vulnerability Analysis
Langfuse exposes administrative background migration controls through TRPC endpoints. These endpoints lack authorization checks that would restrict invocation to administrative roles. Authentication alone is sufficient to call the migration handlers. As a result, any user with a valid session token can list migrations, query migration status, and retry migrations. The reachable endpoints include backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry. Triggering retries on migrations that are already complete or in progress can leave the database in an inconsistent state. Repeated invocation can also saturate background workers, producing a denial of service condition. Technical analysis of the root cause is described in the DepthFirst Case Study on CVE-2025-59305.
Root Cause
The migration endpoints were implemented without a role-based authorization guard. Langfuse relied on the TRPC authentication middleware as the only access control layer. This is a common implementation oversight where developers assume that an authenticated route is also an authorized route. The fix in commit d67b317 introduces explicit administrative authorization checks on these endpoints.
Attack Vector
An attacker requires a valid authenticated session in a vulnerable Langfuse instance. The attacker issues TRPC requests to backgroundMigrations.retry or related endpoints. No elevated privileges, user interaction, or local access are required. Exploitation is performed over the network through the standard Langfuse API. The vulnerability is described in prose only because no verified proof-of-concept code is published.
Detection Methods for CVE-2025-59305
Indicators of Compromise
- Unexpected TRPC requests to backgroundMigrations.all, backgroundMigrations.status, or backgroundMigrations.retry from non-administrative accounts
- Repeated migration retry attempts in Langfuse application logs from a single authenticated user
- Unexplained changes in background migration state or database schema versioning records
- Service degradation correlated with background worker saturation
Detection Strategies
- Inspect Langfuse application and reverse proxy logs for TRPC paths containing backgroundMigrations invoked by non-admin session tokens
- Compare the running Langfuse commit against the fixed reference d67b317 to identify vulnerable deployments
- Enable audit logging on the Langfuse API gateway and alert on calls to administrative TRPC procedures
Monitoring Recommendations
- Forward Langfuse application logs and authentication events to a centralized logging or SIEM platform
- Establish a baseline for which user roles legitimately access migration endpoints and alert on deviations
- Monitor background worker queue depth and migration retry counters for unexpected spikes
How to Mitigate CVE-2025-59305
Immediate Actions Required
- Upgrade Langfuse to a version that includes commit d67b317 or later
- Audit existing Langfuse user accounts and revoke unused or low-trust credentials
- Restrict network access to the Langfuse API so that only trusted clients can reach TRPC endpoints
- Review database state and background migration history for evidence of unauthorized retries
Patch Information
The vulnerability is fixed in Langfuse commit d67b317. Operators running Langfuse 3.1 builds before this commit must update to a patched release. See the DepthFirst Case Study on CVE-2025-59305 for additional context on the fix.
Workarounds
- Place Langfuse behind an authenticating reverse proxy that restricts /api/trpc/backgroundMigrations.* paths to administrative source addresses
- Disable self-service registration on internet-facing Langfuse deployments to reduce the population of authenticated users
- Rotate API keys and session secrets after upgrading to invalidate any sessions held by untrusted users
# Example NGINX restriction for background migration endpoints
location ~ ^/api/trpc/backgroundMigrations\. {
allow 10.0.0.0/8; # admin network only
deny all;
proxy_pass http://langfuse_upstream;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

