External risk intelligence

LangChain-ChatGLM-Webui Sensitive File Disclosure Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-45150

The product is a web-based user interface (Webui) designed for interacting with AI models. Such applications are typically deployed as internet-facing services to allow remote access for users, making the web interface and its underlying file handling functions commonly exposed to the public internet.

X D Lab Langchain Chatglm Webui

2023-05-23

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in the LangChain-ChatGLM-Webui allows unauthorized access to sensitive files through specially crafted requests. This issue could potentially expose confidential information if the affected application is deployed in a way that makes it accessible externally. The main concern is confirming whether this specific application and its vulnerable configuration are in use.

  • Flaw lets anyone view sensitive files.
  • Affects web interface for AI model interaction.
  • Confirm if we use this AI web tool.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a specially crafted request to the LangChain-ChatGLM-Webui application. This would allow them to access and download sensitive files from the system without needing any special permissions. The vulnerability stems from insecurely configured permissions within the application's code.

  • No authentication needed.
  • Triggered by crafted requests.
  • Allows sensitive file access.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory, insecure permissions in LangChain-ChatGLM-Webui could allow unauthenticated attackers to view and download sensitive files by sending a specially crafted request.

  • Sensitive files could be exposed.
  • Attackers could supply crafted requests.
  • Unauthorized data access is a risk.

Operational Fix

Recommended remediation, mitigation, and detection steps

The product owner, likely an application or platform team, must first identify all deployments of the affected web UI. Confirming reachability and business criticality will inform prioritization. Once accountable owners are identified, a remediation plan, potentially involving vendor coordination, can be developed.

  • Application owners should manage the issue.
  • Verify public exposure and data access.
  • Plan vendor coordination and secure updates.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is LangChain-ChatGLM-Webui?

LangChain-ChatGLM-Webui is an open-source web-based user interface used to interact with Large Language Models (LLMs). It provides a front-end environment that allows users to manage and query AI models through their browsers, acting as a bridge between the user and the underlying artificial intelligence infrastructure.

What does CWE-732 mean for CVE-2025-45150?

CWE-732 refers to Incorrect Permission Assignment for Critical Resource. In the context of CVE-2025-45150, this means the software does not properly restrict who can access or download files from the system. Because these permissions are set incorrectly, the application inadvertently allows unauthorized users to interact with sensitive files that should be protected.

How is this vulnerability triggered?

The flaw is triggered when an attacker sends a specially crafted network request to the application. This request exploits the weak permission structure to access files on the host system. It does not require the attacker to have an existing account, valid credentials, or prior authorization to successfully retrieve or download sensitive information.

Is my instance at risk according to Halo Surface Signal?

Halo Surface Signal indicates that because this is a web interface, it is commonly deployed as an internet-facing service for remote access. This makes it a high-priority concern if your instance is accessible from the public internet, as the application's file-handling functions are directly reachable by unauthorized external actors.

What steps should I take if I use this software?

First, locate all deployments of the application within your infrastructure to assess their reachability. Since the issue stems from the software's internal configuration, prioritize confirming whether the web UI is internet-facing. Once identified, consult the project maintainers for official updates or configuration changes, and consider restricting network access to the interface until a secure version is available.

References