PT-2025-23236 · Lovable · Lovable

Kody Low +1 · Published 2025-05-30 · Updated 2026-04-20 · CVE-2025-48757

CVSS v3.1: 9.3 Critical (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)
Name of the Vulnerable Software and Affected Versions: Lovable versions through 2025-04-15

Description: An insufficient database Row-Level Security (RLS) policy in Lovable allows remote unauthenticated attackers to read from or write to arbitrary database tables of generated sites. The issue stems from insecure defaults and a lack of RLS validation before deployment. Reports indicate that over 300 insecure endpoints were exposed, potentially impacting over 170 applications; unauthenticated users were able to manipulate entire database tables in production environments.

Recommendations: For versions through 2025-04-15, ensure robust Row-Level Security policies are implemented and thoroughly validated before deploying applications.
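As an added example (not code from Lovable or from this advisory), the following shows the weak default the description refers to beside a hardened per-row policy in PostgreSQL-style RLS, followed by the kind of pre-deployment check the recommendation calls for. The table `profiles`, its `user_id` column, the session setting `app.user_id` and the helper `current_user_id()` are assumptions for illustration.

```sql
-- Added example (not code from Lovable or from the advisory). Assumes a PostgreSQL
-- database, a hypothetical table "profiles" owned per row by "user_id", and a
-- hypothetical helper current_user_id() that reads the authenticated user's id from
-- a per-request session setting "app.user_id" that the application layer sets.

CREATE FUNCTION current_user_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
  SELECT NULLIF(current_setting('app.user_id', true), '')::uuid
$$;

CREATE TABLE profiles (
  id      bigserial PRIMARY KEY,
  user_id uuid NOT NULL,
  email   text NOT NULL,
  notes   text
);

-- WEAK (the insecure default the advisory describes): RLS is off after CREATE TABLE,
-- so any role holding GRANTs on the table reads and writes every row. A policy that
-- merely looks enabled is just as weak; do not ship this:
--   ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
--   CREATE POLICY allow_all ON profiles FOR ALL USING (true) WITH CHECK (true);

-- HARDENED: enable and force RLS (FORCE applies it to the table owner as well), then
-- add per-command policies. With RLS enabled and no matching policy, PostgreSQL denies
-- by default, so an unauthenticated session (current_user_id() IS NULL) matches no row.
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
ALTER TABLE profiles FORCE ROW LEVEL SECURITY;

CREATE POLICY profiles_select_own ON profiles
  FOR SELECT USING (user_id = current_user_id());

CREATE POLICY profiles_insert_own ON profiles
  FOR INSERT WITH CHECK (user_id = current_user_id());

CREATE POLICY profiles_update_own ON profiles
  FOR UPDATE USING (user_id = current_user_id())
             WITH CHECK (user_id = current_user_id());

CREATE POLICY profiles_delete_own ON profiles
  FOR DELETE USING (user_id = current_user_id());

-- PRE-DEPLOYMENT CHECK: flag every ordinary table in the public schema that has RLS
-- disabled, has RLS enabled but no policy at all, or carries a catch-all USING (true)
-- / WITH CHECK (true) policy. A deploy gate should fail when this returns any row.
SELECT c.relname        AS table_name,
       c.relrowsecurity AS rls_enabled,
       COUNT(p.polname) AS policy_count,
       bool_or(pg_get_expr(p.polqual, p.polrelid) = 'true'
               OR pg_get_expr(p.polwithcheck, p.polrelid) = 'true') AS has_catch_all
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
GROUP BY c.relname, c.relrowsecurity
HAVING NOT c.relrowsecurity
    OR COUNT(p.polname) = 0
    OR bool_or(pg_get_expr(p.polqual, p.polrelid) = 'true'
               OR pg_get_expr(p.polwithcheck, p.polrelid) = 'true');
```

The check query is the piece that addresses the "lack of RLS validation before deployment" in the description: run it against the target database in the deploy pipeline and treat any returned row as a blocking finding, since each row is a table that an unauthenticated or wrong-tenant session could read or modify wholesale.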

Exploit · Fix

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2025-48757

Affected Products: Lovable