CVE-2025-2334

MediumPublic PoC

Published: 15 March 2025

Published

15 March 2025

Modified

21 October 2025

KEV Added

—

Patch

—

CVSS Score 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS Score 0.0007 21.4th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Security Summary

CVE-2025-2334 is a problematic vulnerability involving improper access controls in the deleteChat function of the Chat History Handler component within the 274056675 springboot-openai-chatgpt project at commit e84f6f5. The issue arises from manipulation of the chatListId argument in the endpoint /api/mjkj-chat/chat/ai/delete/chat. Classified under CWE-266 (Incorrect Privilege Assignment) and CWE-284 (Improper Access Control), it carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) and was published on 2025-03-15.

An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By manipulating the chatListId parameter, the attacker can bypass access controls, potentially leading to unauthorized deletion of chat history, resulting in low impacts to integrity (I:L) and availability (A:L) with no confidentiality impact.

Advisories and details are available in references including VulDB entries at https://vuldb.com/?ctiid.299799, https://vuldb.com/?id.299799, and https://vuldb.com/?submit.505688, as well as https://www.cnblogs.com/aibot/p/18732182. The exploit has been publicly disclosed and may be used.

This vulnerability affects a Spring Boot application integrating OpenAI ChatGPT functionality, highlighting access control risks in AI chat history management.

Details

CWE(s): CWE-266CWE-284

Affected Products

274056675

springboot-openai-chatgpt

2024-12-29

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: The vulnerability affects 'springboot-openai-chatgpt', a Spring Boot application integrating OpenAI ChatGPT for AI chat functionality, including chat history management via API endpoints, fitting the Enterprise AI Assistants category as it is an enterprise-level AI chat application.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Improper access control (IDOR) in web API allows remote authenticated attackers to delete other users' chat history by manipulating chatListId, enabling exploitation of public-facing application (T1190), remote services (T1210), and privilege escalation (T1068).

References

https://vuldb.com/?ctiid.299799
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.299799
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.505688
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.cnblogs.com/aibot/p/18732182
Exploit, Third Party Advisory · cna@vuldb.com
https://www.cnblogs.com/aibot/p/18732182
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0