CVE-2025-64504: Langfuse Cross-Organization Member Enumeration

Note

TL;DR: CVE-2025-64504 is a Broken Access Control vulnerability in Langfuse where the server trusted a user-supplied orgId instead of the session-bound organization ID. An authenticated attacker could enumerate names and emails of any organization’s members if the target orgId was known. Fixed in v2.95.11 and v3.124.1.

Executive Summary

CVE-2025-64504 identifies a critical flaw in the authorization logic of Langfuse’s project membership APIs. The vulnerability allows any authenticated user to bypass organization boundaries and extract sensitive user data (names and email addresses) from other organizations hosted on the same Langfuse instance.

The issue stems from a discrepancy between how the server validates the requested organization and how it authenticates the user. By manipulating the orgId parameter in specific TRPC endpoints, an attacker can pivot from their own organization to any other target organization, provided the target’s unique identifier is known or can be guessed.

Technical Analysis

The vulnerability is located within the TRPC (TypeScript Remote Procedure Call) implementation of the project membership APIs. Specifically, the backend failed to strictly enforce the orgId associated with the authenticated user session, instead relying on the orgId provided within the request payload for authorization checks.

Vulnerable Logic

In the affected versions, the API endpoints accepted an orgId as an input parameter. The authorization middleware verified that the user was authenticated but did not sufficiently validate that the user actually belonged to the organization identified by the provided orgId.

The server essentially performed the following logic:

1. Check if the user has a valid session $\rightarrow$ Yes.
2. Fetch members for the provided orgId $\rightarrow$ Success.
3. Return data to the user.

The missing link was the verification: “Does the authenticated user in ctx.session have permissions for the requested orgId?”

Vulnerable Endpoints

The following TRPC endpoints were identified as the primary vectors for this enumeration:

• /api/trpc/members.allFromProject
• /api/trpc/members.allInvitesFromProject

Exploitation Flow

An attacker can exploit this vulnerability by following these steps:

1. Authentication: The attacker creates or uses an existing account on the target Langfuse instance to obtain a valid session token.
2. Target Identification: The attacker identifies the orgId of the target organization. Since orgIds are often UUIDs, this might require leakages from other sources or reconnaissance.
3. Payload Delivery: The attacker sends a crafted POST request to the vulnerable TRPC endpoints, replacing their own orgId with the target’s orgId.
4. Data Extraction: The server returns the list of all members or pending invitations, including full names and email addresses.

Forensic Investigation

From a forensic standpoint, this exploit leaves distinct traces in web server and application logs.

Log Analysis

Analysts should pivot on the identified TRPC endpoints. A successful attack is characterized by:

• HTTP Method: POST
• Endpoints: /api/trpc/members.allFromProject or /api/trpc/members.allInvitesFromProject
• Anomalous Behavior: A single authenticated user accessing multiple different orgId values within a short timeframe, or accessing an orgId that does not match their primary organizational assignment.

Behavioral IOCs

Since there are no static IPs associated with this vulnerability, detection must rely on behavioral analysis:

• High frequency of requests to membership APIs.
• Discrepancies between the user’s session metadata and the requested resource ID.

Detection

Sigma Rule

The following Sigma rule can be used to detect attempts to enumerate members across organizations.

title: Langfuse Cross-Organization Member Enumeration
description: Detects potential enumeration of members in Langfuse via project membership APIs by monitoring for mismatched orgIds in TRPC requests.
logsource:
    product: webserver
    service: apache/nginx/etc
detection:
    selection:
        url|contains:
            - '/api/trpc/members.allFromProject'
            - '/api/trpc/members.allInvitesFromProject'
    condition: selection
falsepositives:
    - Legitimate administrative actions (if any)
level: medium

Hunting Query (Splunk/ELK)

To hunt for historical evidence of this exploitation in web logs:

index=web_logs url="*members.allFromProject*" OR url="*members.allInvitesFromProject*" | stats count by client_ip, user_agent, url

Mitigation

Patching

Immediate update to the following versions is required:

• v2 branch: Update to v2.95.11 or later.
• v3 branch: Update to v3.124.1 or later.

Fix Analysis

The developers resolved the issue by removing the trust in the user-supplied orgId. The patched versions now ignore the orgId provided in the request input and instead force the use of ctx.session.orgId for both authorization and database querying. This ensures that users can only ever access data belonging to their own authenticated organizational context.

Sources

• CVE-2025-64504 MITRE
• NVD - CVE-2025-64504
• Langfuse Security Advisory (GHSA-94hf-6gqq-pj69)
• Langfuse Commit (v2 fix)
• Langfuse Commit (v3 fix)