We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-48491

Project AI API Key Exposure in Source Code



Description

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.

Reserved 2025-05-22 | Published 2025-05-30 | Updated 2025-05-30 | Assigner GitHub_M


LOW: 2.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

< pre-beta
affected

References

github.com/...ect-ai/security/advisories/GHSA-8486-vrcp-69rv

github.com/...ommit/142252c43f1dacb3fed99e3336f5cd863b028bc2

github.com/...ommit/1de910f353eb2a68c980149b906e7495459296ad

github.com/...ommit/54a69c3ccd301d35f3d54f4844d9910e609beb73

github.com/...ommit/7f3b93f9aa9085d5413b4019172b0e56676346d7

github.com/...ommit/8db90e3d9777850741804533ebde5824b4a5795c

github.com/...ommit/99e0e0718edb0e59c5d3c5a69903b87c69fcfe7a

github.com/...ommit/ab67979a46b0e343dc20a95a2b65d3c4994c31e7

github.com/...ommit/c1fb156418d98a1e6c60bb680db57e9558785093

cve.org (CVE-2025-48491)

nvd.nist.gov (CVE-2025-48491)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-48491

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.