CVE-2025-2334

Name of the Vulnerable Software and Affected Versions: springboot-openai-chatgpt version e84f6f5

Description: A problematic issue has been discovered, affecting the deleteChat function of the Chat History Handler component, specifically in the /api/mjkj-chat/chat/ai/delete/chat API endpoint. The manipulation of the chatListId argument leads to improper access controls, allowing for remote attacks. The exploit has been publicly disclosed.

Recommendations: For version e84f6f5, consider disabling the deleteChat function until a patch is available to prevent improper access controls. Restrict access to the /api/mjkj-chat/chat/ai/delete/chat API endpoint to minimize the risk of exploitation. Avoid using the chatListId argument in the affected API endpoint until the issue is resolved.