CVE-2025-14116 | xerrors Yuxi-Know up to 0.4.0 /src/models/embed.py OtherEmbedding.aencode health_url server-side request forgery
A vulnerability has been found in xerrors Yuxi-Know up to 0.4.0 and classified as critical. It affects the function OtherEmbedding.aencode in the file /src/models/embed.py. Manipulating the health_url argument leads to server-side request forgery (SSRF).
This vulnerability is identified as CVE-2025-14116. The attack can be initiated remotely. Additionally, an exploit exists.
To fix this issue, it is recommended to deploy a patch.
The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
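One way to constrain a caller-supplied health_url before the server requests it, shown as an added example; this is not the Yuxi-Know patch or code from the project. The names check_health_url, resolve, is_forbidden_ip and the ALLOWED_ORIGINS value are hypothetical, and the policy (deny by default, operator allowlist, resolved addresses re-checked) is an assumption about what a deployment would want.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed operator configuration (hypothetical values): the only origins a
# health check may contact, as (scheme, host, port).
ALLOWED_ORIGINS = {("http", "embed.internal.example", 8080)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def resolve(host, port):
    """Resolve host to a sorted list of unique IP address strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def is_forbidden_ip(ip):
    """Addresses never valid as a health-check target, even for allowlisted names."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 address
    # Link-local covers the 169.254.0.0/16 range used by cloud metadata services.
    return addr.is_link_local or addr.is_multicast or addr.is_unspecified


def check_health_url(url, resolver=resolve):
    """Return (ok, reason, ips). On success, connect only to the returned ips."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in DEFAULT_PORTS:
        return False, "scheme not allowed", []
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed", []
    if (parts.scheme, parts.hostname, port) not in ALLOWED_ORIGINS:
        return False, "origin not allowlisted", []
    try:
        ips = resolver(parts.hostname, port)
    except OSError:
        return False, "resolution failed", []
    # Re-check what the name resolves to, so a changed DNS record cannot
    # redirect an allowlisted name to a forbidden address.
    if not ips or any(is_forbidden_ip(ip) for ip in ips):
        return False, "resolves to forbidden address", []
    return True, "ok", ips
```

The HTTP client that performs the health check should connect to one of the returned addresses and should not follow redirects, otherwise the check can be bypassed after validation.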