CVE-2025-2334 MEDIUM

CVE-2025-2334: 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control

Vendor 274056675
Product springboot-openai-chatgpt
Weakness CWE-284
Published March 15, 2025
Last update March 17, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 15, 2025 CVE published
March 17, 2025 Record updated