ByteOS Network

NVD Vulnerability Details :

CVE-2025-27518

Deferred

Source-security-advisories@github.com

Published At-07 Mar, 2025 | 16:15

Updated At-15 Apr, 2026 | 00:35

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	security-advisories@github.com

CWE ID: CWE-79

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/truefoundry/cognita/commit/75079c3d3cf376381489b9a82ee46c69024e1a15	security-advisories@github.com	N/A
https://github.com/truefoundry/cognita/pull/424	security-advisories@github.com	N/A
https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/	security-advisories@github.com	N/A