Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-65107

CVE-2025-65107: Langfuse Auth Bypass Vulnerability

CVE-2025-65107 is an authentication bypass vulnerability in Langfuse that enables account takeover through CSRF or phishing attacks in SSO configurations. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-65107 Overview

CVE-2025-65107 is an authorization vulnerability affecting Langfuse, an open source large language model (LLM) engineering platform. The flaw exists in Single Sign-On (SSO) provider configurations that lack an explicit AUTH_<PROVIDER>_CHECK setting. An attacker can leverage a Cross-Site Request Forgery (CSRF) or phishing vector to trigger an account takeover when an authenticated user visits a crafted URL. The issue is tracked under [CWE-285: Improper Authorization] and impacts Langfuse versions 2.95.0 through 2.95.11 and 3.17.0 through 3.130.x. Maintainers released fixed builds in versions 2.95.12 and 3.131.0.

Critical Impact

Attackers can hijack Langfuse user accounts by tricking authenticated users into loading a crafted URL, granting adversary-controlled access to LLM engineering data and configurations.

Affected Products

  • Langfuse versions 2.95.0 to before 2.95.12
  • Langfuse versions 3.17.0 to before 3.131.0
  • SSO provider deployments without AUTH_<PROVIDER>_CHECK explicitly set

Discovery Timeline

  • 2025-11-21 - CVE-2025-65107 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-65107

Vulnerability Analysis

Langfuse supports multiple SSO providers for user authentication. The provider configuration accepts an AUTH_<PROVIDER>_CHECK setting that governs how identity claims from external identity providers are validated against existing accounts. When this setting is omitted, Langfuse falls back to a permissive linking behavior. An authenticated victim who navigates to an attacker-controlled URL can be forced to initiate an SSO flow that links or associates their session with an attacker-owned identity, resulting in account takeover.

The vulnerability is user-interaction dependent. It requires the victim to be authenticated and to click or load a malicious URL delivered through phishing or embedded on an attacker-controlled page. No prior credentials or elevated privileges are required from the attacker.

Root Cause

The root cause is missing authorization enforcement during SSO provider account linking. Without AUTH_<PROVIDER>_CHECK defined, the platform does not sufficiently validate whether the identity being linked belongs to the current authenticated session. This maps to [CWE-285: Improper Authorization].

Attack Vector

An attacker crafts a URL that triggers an SSO account-linking flow using an identity under attacker control. The attacker distributes the URL through phishing email, chat, or a CSRF payload embedded on a third-party site. When the authenticated Langfuse user follows the link, the linking operation completes and the attacker gains access to the victim's account. See the Langfuse Security Advisory GHSA-w9pw-c549-5m6w for maintainer details.

Detection Methods for CVE-2025-65107

Indicators of Compromise

  • Unexpected SSO provider linking events in Langfuse audit logs for existing user accounts
  • Authentication events originating from external identity provider domains not previously associated with a user
  • Successful login sessions immediately following inbound requests to SSO callback endpoints from unusual referrers

Detection Strategies

  • Review Langfuse application logs for SSO callback requests that include unexpected Referer or Origin headers pointing to third-party domains
  • Correlate account-linking events with user session activity to identify links performed without deliberate user action
  • Alert on new SSO identity associations added to privileged Langfuse accounts

Monitoring Recommendations

  • Ingest Langfuse authentication and audit logs into a centralized SIEM for continuous review
  • Monitor for anomalous outbound redirects to SSO provider authorization endpoints originating from user browsers on internal networks
  • Track Langfuse container or process version strings to confirm patched builds are deployed across all environments

How to Mitigate CVE-2025-65107

Immediate Actions Required

  • Upgrade Langfuse to version 2.95.12 or 3.131.0 or later without delay
  • Audit existing user accounts for unauthorized SSO identity links and remove any that cannot be verified
  • Notify Langfuse users of the phishing and CSRF risk and require re-authentication where account integrity is uncertain

Patch Information

Langfuse maintainers addressed the vulnerability in versions 2.95.12 and 3.131.0. Deployment instructions and the full advisory are available at the Langfuse GitHub Security Advisory GHSA-w9pw-c549-5m6w.

Workarounds

  • Set the AUTH_<PROVIDER>_CHECK environment variable explicitly for each configured SSO provider to enforce identity validation
  • Restrict Langfuse administrative interfaces to trusted networks while patching is in progress
  • Educate users to avoid clicking Langfuse-related URLs delivered through untrusted email or messaging channels
bash
# Configuration example: enforce SSO provider check for Google as an example provider
export AUTH_GOOGLE_CHECK=true
# Repeat for each configured provider, for example:
# export AUTH_GITHUB_CHECK=true
# export AUTH_OKTA_CHECK=true

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.