CVE-2025-3578

Published Apr 15, 2025

Last updated 2 months ago

CVSS critical 9.3

Overview

Description
A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possible to cause bugs that would result in the exfiltration of sensitive information, such as details about the software or internal system paths. These actions could be carried out through the misuse of LLM Prompt (chatbot) technology, via the /api/<string-chat>/message endpoint, by manipulating the contents of the ‘content’ parameter.
Source
cve-coordination@incibe.es
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

cve-coordination@incibe.es
CWE-1039

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-3578 ⚠️🔴 CRITICAL (9.3) 🏢 AiDex - AiDex 🏗️ 0 🔗 https://t.co/TMq22dY2ZS #CyberCron #VulnAlert #InfoSec https://t.co/qg1MCH6Fz4

    @cybercronai

    16 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-3578 ALERT: A critical Aidex flaw (pre-v1.7) lets attackers abuse LLM chat to access credentials &amp; modify accounts. Update now. More details 👇 #Cybersecurity #Infosec #Vulnerability #LLM #CVE https://t.co/2WcOKiV6PD

    @threatsbank

    15 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-3578 Authentication Bypass and Credential Exposure in Aidex LLM Chatbot API Endpoint https://t.co/Q7kCAXtcox

    @VulmonFeeds

    15 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-3578: CRITICAL] Vulnerable Aidex versions expose critical user credentials and allow unauthorized user manipulation via LLM Prompt chatbot technology. Exploitation can lead to sensitive data leaks.#cybersecurity,#vulnerability https://t.co/z55hljtk6k https://t.co/m2bN7O

    @CveFindCom

    15 Apr 2025

    11 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

References

Sources include official advisories and independent security research.