PT-2025-30418 · Unknown · Deepfiction Ai
Published 2025-07-22 · Updated 2025-07-22 · CVE-2025-51867
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Deepfiction AI versions prior to June 3, 2025
Description
An Insecure Direct Object Reference (IDOR) vulnerability exists in Deepfiction AI. This allows attackers to access and utilize other users' credits for interacting with the Large Language Model (LLM). The vulnerability is exploitable through the /browse/stories endpoint, which exposes sensitive information.
Recommendations
Restrict access to the /browse/stories endpoint.
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Deepfiction Ai