CVE-2025-57266 | THREATINT

Description

An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-29 | Updated 2025-09-29 | Assigner mitre

References

github.com/LiuYuYang01/ThriveX-Server/issues/55

gist.github.com/candyb0x/fccc49a989473b7f1e47479619eaf1ca

cve.org (CVE-2025-57266)

nvd.nist.gov (CVE-2025-57266)

Download JSON