We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-3578

Adversarial Input Handling Vulnerability in AiDex



Description

A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possible to cause bugs that would result in the exfiltration of sensitive information, such as details about the software or internal system paths. These actions could be carried out through the misuse of LLM Prompt (chatbot) technology, via the /api/<string-chat>/message endpoint, by manipulating the contents of the ‘content’ parameter.

Reserved 2025-04-14 | Published 2025-04-15 | Updated 2025-04-15 | Assigner INCIBE


CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-1039: Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism

Product status

Default status
unaffected

Any version before 1.7
affected

Credits

David Utón Amaya (m3n0sd0n4ld) finder

References

www.incibe.es/...otices/aviso/multiple-vulnerabilities-aidex

cve.org (CVE-2025-3578)

nvd.nist.gov (CVE-2025-3578)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-3578

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.