CVE-2025-63390 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication c…
Medium CVSS: 5.3

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed data includes: workspace identifiers (id, name, slug), AI model configurations (chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters (temperature, history length, similarity thresholds), vector search settings, chat modes, and timestamps.
Vendor
Mintplexlabs
Product
Anythingllm
CWE
CWE-306
Yayın Tarihi
2025-12-18 16:15:54
Güncelleme
2026-01-22 18:16:44
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-306 Anythingllm MEDIUM Mintplexlabs 2025

Referanslar

https://gist.github.com/Cristliu/0897bceac5fdc2d945304b5087a84f14 https://gist.github.com/Cristliu/ba529c99abec87102e5ef36435d02a6d https://github.com/Mintplex-Labs/anything-llm/issues