Home

Description

Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and account hijacking via XSS.

PUBLISHED Reserved 2025-06-16 | Published 2025-07-22 | Updated 2025-07-22 | Assigner mitre

References

github.com/Secsys-FDU/CVE-2025-51862

cve.org (CVE-2025-51862)

nvd.nist.gov (CVE-2025-51862)

Download JSON