CVE-2025-51869

HIGH

Liner <2025-06-03 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-51869. PoCs published by Secsys-FDU.

AI-analyzed exploit summary The repository describes an Insecure Direct Object Reference (IDOR) vulnerability in Liner's AI search engine, where predictable message IDs allow attackers to brute-force and access other users' conversation histories. The analysis includes technical details about the ID format and API behavior but lacks functional exploit code.

Description

Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id, thread_id, and message_id parameters to the v1/space/{space_id}/thread/{thread_id}/message/{message_id} endpoint.

Exploits (1)

nomisec WRITEUP 1 stars
by Secsys-FDU · poc
https://github.com/Secsys-FDU/CVE-2025-51869

The repository describes an Insecure Direct Object Reference (IDOR) vulnerability in Liner's AI search engine, where predictable message IDs allow attackers to brute-force and access other users' conversation histories. The analysis includes technical details about the ID format and API behavior but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Liner AI search engine (version not specified)
Auth required
Prerequisites: Valid Authorization token · Access to the target API endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0042
EPSS Percentile 33.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-639
Status published
Published Jul 21, 2025
Tracked Since Feb 18, 2026