CVE-2025-68492 | THREATINT

Description

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

PUBLISHED Reserved 2025-12-19 | Published 2026-01-14 | Updated 2026-01-15 | Assigner jpcert

MEDIUM: 4.2CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

Authorization bypass through user-controlled key

Product status

prior to 2.8.5

affected

References

github.com/Chainlit/chainlit/releases

jvn.jp/en/jp/JVN34964581/

cve.org (CVE-2025-68492)

nvd.nist.gov (CVE-2025-68492)

Download JSON