Cyber Resilience

CVE-2025-3578

Critical

Published: 15 April 2025

Published
15 April 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0025 48.9th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3578 is a critical-severity Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism (CWE-1039) vulnerability in Incibe (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082); ranked at the 48.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.

EU & UK References

Vulnerability details

A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possible to…

more

cause bugs that would result in the exfiltration of sensitive information, such as details about the software or internal system paths. These actions could be carried out through the misuse of LLM Prompt (chatbot) technology, via the /api/<string-chat>/message endpoint, by manipulating the contents of the ‘content’ parameter.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1082 System Information Discovery Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1098 Account Manipulation Persistence
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
T1136 Create Account Persistence
Adversaries may create an account to maintain access to victim systems.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability allows authenticated users to list other users' credentials (T1552), create or modify application users (T1098, T1136), and exfiltrate system software details and internal paths (T1082, T1083) via LLM prompt manipulation in the chatbot API.

Affected Assets

Incibe
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References