{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2334","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-15T09:23:51.600Z","datePublished":"2025-03-15T23:00:09.225Z","dateUpdated":"2025-03-17T16:08:29.430Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-15T23:00:09.225Z"},"title":"274056675 springboot-openai-chatgpt Chat History chat deleteChat access control","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"274056675","product":"springboot-openai-chatgpt","versions":[{"version":"e84f6f5","status":"affected"}],"modules":["Chat History Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in 274056675 springboot-openai-chatgpt e84f6f5 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion deleteChat der Datei /api/mjkj-chat/chat/ai/delete/chat der Komponente Chat History Handler. Mittels dem Manipulieren des Arguments chatListId mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.5,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P"}}],"timeline":[{"time":"2025-03-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-15T10:28:54.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"aibot88 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.299799","name":"VDB-299799 | 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.299799","name":"VDB-299799 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.505688","name":"Submit #505688 | 274056675 Web No version commitID e84f6f5 Improper Access Controls","tags":["third-party-advisory"]},{"url":"https://www.cnblogs.com/aibot/p/18732182","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://www.cnblogs.com/aibot/p/18732182","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-17T16:08:21.238495Z","id":"CVE-2025-2334","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-17T16:08:29.430Z"}}]}}