CVE-2025-2334
Published: 15 March 2025
Summary
CVE-2025-2334 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in 274056675 Springboot-Openai-Chatgpt. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 requires systems to enforce approved access authorizations, directly preventing unauthorized deletion of chat history via chatListId manipulation in the deleteChat function.
AC-6 implements least privilege to restrict low-privileged (PR:L) users from accessing or deleting chat history not assigned to them, addressing CWE-266 incorrect privilege assignment.
AC-24 ensures access control decisions verify user ownership of the chatListId parameter before permitting deletion actions in the Chat History Handler.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper access control (IDOR) in web API allows remote authenticated attackers to delete other users' chat history by manipulating chatListId, enabling exploitation of public-facing application (T1190), remote services (T1210), and privilege escalation (T1068).
NVD Description
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is…
more
possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-2334 is a problematic vulnerability involving improper access controls in the deleteChat function of the Chat History Handler component within the 274056675 springboot-openai-chatgpt project at commit e84f6f5. The issue arises from manipulation of the chatListId argument in the endpoint /api/mjkj-chat/chat/ai/delete/chat. Classified under CWE-266 (Incorrect Privilege Assignment) and CWE-284 (Improper Access Control), it carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) and was published on 2025-03-15.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By manipulating the chatListId parameter, the attacker can bypass access controls, potentially leading to unauthorized deletion of chat history, resulting in low impacts to integrity (I:L) and availability (A:L) with no confidentiality impact.
Advisories and details are available in references including VulDB entries at https://vuldb.com/?ctiid.299799, https://vuldb.com/?id.299799, and https://vuldb.com/?submit.505688, as well as https://www.cnblogs.com/aibot/p/18732182. The exploit has been publicly disclosed and may be used.
This vulnerability affects a Spring Boot application integrating OpenAI ChatGPT functionality, highlighting access control risks in AI chat history management.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability affects 'springboot-openai-chatgpt', a Spring Boot application integrating OpenAI ChatGPT for AI chat functionality, including chat history management via API endpoints, fitting the Enterprise AI Assistants category as it is an enterprise-level AI chat application.