PT-2025-30339 · Dippy · Dippy
Published: 2025-07-21 · Updated: 2025-07-21 · CVE-2025-51868
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dippy version 2
Description
An Insecure Direct Object Reference (IDOR) vulnerability exists in Dippy that allows attackers to gain sensitive information. The vulnerability is present in the conversation history API endpoint and is exploitable through manipulation of the conversation id parameter.
Recommendations
Restrict access to the conversation history API endpoint.
Sanitize or validate the conversation id parameter to prevent unauthorized access to sensitive information.
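The two recommendations combined in one handler, as an added example that is not Dippy's code and is not taken from the advisory: the caller must be authenticated, the conversation id must be well formed, and the conversation must belong to the caller. The store, the id format, the user names and the function names are assumptions made for illustration.

```python
import re
from typing import Optional

# Constructed sample data (hypothetical schema): conversation id -> owner, messages.
CONVERSATIONS = {
    "c-1001": {"owner": "alice", "messages": ["hi", "private note from alice"]},
    "c-1002": {"owner": "bob", "messages": ["hello"]},
}

ID_FORMAT = re.compile(r"c-\d{1,10}")  # hypothetical id format


def get_history(session_user: Optional[str], conversation_id: str):
    """Return (status, body) for a conversation history request."""
    if session_user is None:
        return 401, None  # the endpoint is not open to unauthenticated callers
    if not isinstance(conversation_id, str) or not ID_FORMAT.fullmatch(conversation_id):
        return 400, None  # malformed id: rejected before any lookup
    convo = CONVERSATIONS.get(conversation_id)
    # Object-level authorization: a well-formed id is not enough, it must
    # belong to the caller. Unknown and foreign ids get the same 404 so the
    # response does not confirm which ids exist.
    if convo is None or convo["owner"] != session_user:
        return 404, None
    return 200, convo["messages"]


def audit(users):
    """Regression check: request every conversation as every user and
    return the (user, conversation id) pairs that leaked across accounts."""
    leaks = []
    for user in users:
        for cid, convo in CONVERSATIONS.items():
            status, body = get_history(user, cid)
            if convo["owner"] != user and (status == 200 or body is not None):
                leaks.append((user, cid))
    return leaks


if __name__ == "__main__":
    print(get_history("alice", "c-1001"))  # owner reads own history
    print(get_history("bob", "c-1001"))    # another user's id is refused
    print(audit(["alice", "bob"]))         # empty list means no cross-user access
```

Format validation alone does not close an IDOR, because another user's id is also well formed; the ownership comparison is what enforces access, and `audit` can run as a regression test after the fix.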
Affected Products
Dippy