PT-2025-30423 · Unknown · Ai2 Playground Web Service
Published: 2025-07-22 · Updated: 2025-07-22
CVE-2025-51865
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ai2 playground web service versions prior to 2025-06-04
Description
The Ai2 playground web service is susceptible to an Insecure Direct Object Reference (IDOR) issue. This allows attackers to access sensitive information by enumerating thread keys within the URL.
Recommendations
Versions prior to 2025-06-04 should be updated. Consider implementing stricter access controls to prevent unauthorized access to thread keys.
Affected Products
Ai2 Playground Web Service