CVE-2025-51867

MEDIUM

Deepfiction AI - IDOR

Title source: llm

Description

Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3, 2025, allowing attackers to chat with the LLM using other users' credits via sensitive information gained by the /browse/stories endpoint.

Exploits (1)

nomisec WRITEUP

by Secsys-FDU · poc

https://github.com/Secsys-FDU/CVE-2025-51867

View Code ZIP pw:eip

References (1)

[Various Sources] https://github.com/Secsys-FDU/CVE-2025-51867

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Published Jul 22, 2025

Tracked Since Feb 18, 2026