CVE-2025-68492

CVSS v3.1

4.2

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-68492

Affected Products

Chainlit

CVE-2025-68492

Weakness Enumeration

Related Identifiers

Affected Products

References · 3