CVE-2025-7894: Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

Q: What is the severity of CVE-2025-7894?

CVE-2025-7894 is classified as a critical vulnerability.

Q: How do I fix CVE-2025-7894?

To fix CVE-2025-7894, you should upgrade the Onyx Chat Interface to version 0.29.2 or later.

Q: What is affected by CVE-2025-7894?

CVE-2025-7894 affects the Onyx Chat Interface up to version 0.29.1.

Q: What component is impacted by CVE-2025-7894?

CVE-2025-7894 impacts the function generate_simple_sql in the Onyx Chat Interface.

Q: What type of vulnerability is CVE-2025-7894?

CVE-2025-7894 is a manipulation vulnerability that affects the backend SQL generation.

Published Jul 20, 2025

Updated

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

2 affected components

Onyx Chat Interface<=0.29.1

Onyx onyx<=0.29.1

Event History

Jul 20, 2025

CVE Published

via MITRE·02:02 PM

Data Sourced

via MITRE·02:02 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-7894?

CVE-2025-7894 is classified as a critical vulnerability.

How do I fix CVE-2025-7894?

To fix CVE-2025-7894, you should upgrade the Onyx Chat Interface to version 0.29.2 or later.

What is affected by CVE-2025-7894?

CVE-2025-7894 affects the Onyx Chat Interface up to version 0.29.1.

What component is impacted by CVE-2025-7894?

CVE-2025-7894 impacts the function generate_simple_sql in the Onyx Chat Interface.

What type of vulnerability is CVE-2025-7894?