CVE-2025-7894 | Onyx up to 0.29.1 Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

A vulnerability classified as critical has been found in Onyx up to 0.29.1. It affects the function `generate_simple_sql` in the file `backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py` of the Chat Interface component. The manipulation leads to SQL injection.

This vulnerability is tracked as CVE-2025-7894. The attack may be initiated remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.