PT-2025-16307 · Aidex · Aidex

Published: 2025-04-15 · Updated: 2025-04-16 · CVE-2025-3578

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Aidex versions prior to 1.7

Description: A malicious, authenticated user could list the credentials of other users, create new users or modify existing ones in the application, list the credentials of users in production or development environments, and trigger application faults that result in the exfiltration of sensitive information. These actions could be carried out by misusing the LLM prompt (chatbot) functionality exposed by the "/api//message" endpoint, through crafted values of the content parameter.

Recommendations: For Aidex versions prior to 1.7, as a temporary workaround, consider restricting access to the "/api//message" endpoint until a patch is available. Additionally, avoid using the content parameter in the affected API endpoint until the issue is resolved. Update to version 1.7 or later to fully resolve the issue.
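The interim workaround above, written up as an added example (not Aidex project code): a framework-agnostic request guard that blocks the "/api//message" endpoint on unpatched versions unless the caller is on an allowlist. It collapses repeated slashes first, so "/api//message" and "/api/message" are matched the same way; the class and function names, the allowlist and the version strings are assumptions.

```python
"""Temporary access restriction for the Aidex "/api//message" endpoint.

Added example, not Aidex's own code. Implements the advisory's interim
workaround as a reusable decision routine that a middleware or reverse proxy
hook can call: the request path is normalised (repeated slashes collapsed)
so "/api//message" and "/api/message" are treated alike, and the endpoint is
denied on versions below 1.7 unless the user is explicitly allowlisted.
"""
import re
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Normalised form of the affected endpoint named in the advisory
BLOCKED_ENDPOINT = "/api/message"


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class MessageEndpointGuard:
    allowed_users: Set[str] = field(default_factory=set)  # assumed allowlist
    patched_version: Tuple[int, int] = (1, 7)             # fixed in 1.7

    @staticmethod
    def normalize_path(path: str) -> str:
        """Drop the query string, collapse '//' runs, strip trailing '/'."""
        path = path.split("?", 1)[0]
        path = re.sub(r"/{2,}", "/", path)
        return path.rstrip("/") or "/"

    def is_vulnerable_version(self, version: str) -> bool:
        """True for any major.minor below the patched release."""
        major_minor = tuple(int(p) for p in version.split(".")[:2])
        return major_minor < self.patched_version

    def decide(self, path: str, user: Optional[str], version: str) -> Decision:
        """Return whether a request to `path` by `user` may proceed."""
        if not self.is_vulnerable_version(version):
            return Decision(True, "patched version, no restriction applied")
        if self.normalize_path(path) != BLOCKED_ENDPOINT:
            return Decision(True, "not the restricted endpoint")
        if user is not None and user in self.allowed_users:
            return Decision(True, f"allowlisted user: {user}")
        return Decision(False, "endpoint restricted until upgrade to 1.7 or later")
```

Every denied request should also be logged with the user and normalised path, since repeated attempts against the endpoint on an unpatched instance are worth an investigation.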

Tags: Fix · LPE

Weakness Enumeration

Related Identifiers: CVE-2025-3578

Affected Products: Aidex