CVE-2025-2334
Published: 15 March 2025
Summary
CVE-2025-2334 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in 274056675 Springboot-Openai-Chatgpt. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-2334 is a problematic vulnerability involving improper access controls in the deleteChat function of the Chat History Handler component within the 274056675 springboot-openai-chatgpt project at commit e84f6f5. The issue arises from manipulation of the chatListId argument in the endpoint /api/mjkj-chat/chat/ai/delete/chat. Classified under CWE-266 (Incorrect Privilege Assignment) and CWE-284 (Improper Access Control), it carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) and was published on 2025-03-15.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By manipulating the chatListId parameter, the attacker can bypass access controls, potentially leading to unauthorized deletion of chat history, resulting in low impacts to integrity (I:L) and availability (A:L) with no confidentiality impact.
Advisories and details are available in references including VulDB entries at https://vuldb.com/?ctiid.299799, https://vuldb.com/?id.299799, and https://vuldb.com/?submit.505688, as well as https://www.cnblogs.com/aibot/p/18732182. The exploit has been publicly disclosed and may be used.
This vulnerability affects a Spring Boot application integrating OpenAI ChatGPT functionality, highlighting access control risks in AI chat history management.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6651
Vulnerability details
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is…
more
possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai, chatgpt, openai
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper access control (IDOR) in web API allows remote authenticated attackers to delete other users' chat history by manipulating chatListId, enabling exploitation of public-facing application (T1190), remote services (T1210), and privilege escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-3 requires systems to enforce approved access authorizations, directly preventing unauthorized deletion of chat history via chatListId manipulation in the deleteChat function.
AC-6 implements least privilege to restrict low-privileged (PR:L) users from accessing or deleting chat history not assigned to them, addressing CWE-266 incorrect privilege assignment.
AC-24 ensures access control decisions verify user ownership of the chatListId parameter before permitting deletion actions in the Chat History Handler.