Deepfiction AI Insecure Direct Object Reference Vulnerability
Vulnerability Information
Vulnerability name: Deepfiction AI Insecure Direct Object Reference Vulnerability
Vulnerability ID:
- CVE: CVE-2025-51867
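Vulnerability type: Unauthorized access
Severity: Medium
Vulnerability description: Deepfiction AI is an AI entertainment company dedicated to revolutionizing personalized storytelling. Its web application lets users create stories by chatting with a large language model (LLM). The application's chat component has an insecure direct object reference (IDOR) vulnerability. An attacker can exploit it to chat with the LLM using other users' credits.
The root cause is that the API endpoint https://www.deepfiction.ai/api/story/create-story-part relies solely on the `treatment_id` and `user_id` fields in the request body for access control. Testing found that the publicly accessible conversation listing page https://www.deepfiction.ai/browse/stories exposes `id` and `author_id` fields, which correspond directly to the `treatment_id` (mapped to `id`) and `user_id` (mapped to `author_id`) parameters expected by the `create-story-part` API. An attacker can therefore substitute a leaked `id` (as `treatment_id`) and `author_id` (as `user_id`) into requests to this API and interact with the LLM using other users' credits.
In addition, network traffic analysis (for example, packet capture) can reveal the specific configuration (character settings) of each character. These configurations are analogous to system prompts and represent important system resources of the LLM chatbot. This exposure is also a form of sensitive data leakage, because it may reveal proprietary prompt engineering details or character definitions.
This vulnerability may affect any user of https://www.deepfiction.ai. A user's chat credits may be abused through a leaked `treatment_id` and `user_id`.
Vendor: Deepfiction AI
Product name: Deepfiction AI
Source: https://github.com/Secsys-FDU/CVE-2025-51867
Type: CVE-2025:github search
Repository files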
- README.md
- figure1.png
- figure2.png
- figure3.png
Source overview
CVE-2025-51867
Vulnerability description
Deepfiction AI is an AI entertainment company with a mission to revolutionize personalized storytelling. Deepfiction AI provides a web application for creating stories by chatting with an LLM, and its chat component is vulnerable to Insecure Direct Object Reference (IDOR). An attacker can exploit this IDOR to chat with the LLM using other users' credits.
Attack Vectors
The API endpoint https://www.deepfiction.ai/api/story/create-story-part is used to initiate or continue conversations. Testing indicates that this API relies solely on the `treatment_id` and `user_id` fields within the request body for access control.
The `id` and `author_id` fields are exposed in the publicly accessible conversations listed on the webpage https://www.deepfiction.ai/browse/stories. These exposed fields correspond directly to the `treatment_id` (mapping to `id`) and `user_id` (mapping to `author_id`) parameters expected by the `create-story-part` API.
As a result, an attacker can substitute the leaked `id` (as `treatment_id`) and `author_id` (as `user_id`) into requests to this API. This enables them to interact with the Large Language Model (LLM) by consuming the credits of other users. The figures show the PoC of this vulnerability.
Additionally, analysis of network traffic (e.g., through packet capture) can reveal the specific role configurations (character settings) for each Character. These configurations are analogous to system prompts and represent important system resources of the LLM ChatBot. This exposure also constitutes a form of sensitive data leakage, as it may reveal proprietary prompt engineering details or character definitions.
Vulnerability affected
This vulnerability can affect any user of https://www.deepfiction.ai. A user's chat credits can be abused with a leaked `treatment_id` and `user_id`.
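The access-control flaw described under Attack Vectors, modelled server-side next to a corrected check. This is an added example, not code from the repository or from Deepfiction AI: the function names, the `TREATMENTS` table, the credit store and the existence of an authenticated session are all assumptions, and the data is constructed.

```python
"""Constructed model of a handler that trusts body-supplied identity, and its fix."""

class Forbidden(Exception):
    """Raised when the caller may not act on the requested treatment."""

# Constructed sample data: treatment id -> owning author_id.
TREATMENTS = {"t-100": "alice", "t-200": "bob"}

def new_credits():
    # Constructed credit balances, one entry per user.
    return {"alice": 5, "bob": 5}

def create_story_part_vulnerable(body, credits):
    """Assumed model of the flaw: identity is whatever the request body says."""
    user_id = body["user_id"]          # client-controlled and publicly listed
    if TREATMENTS.get(body["treatment_id"]) != user_id:
        raise Forbidden("treatment/user mismatch")
    credits[user_id] -= 1              # the named user is billed, not the caller
    return user_id

def create_story_part_hardened(session_user_id, body, credits):
    """Identity comes only from the authenticated session (hypothetical input)."""
    if session_user_id is None:
        raise Forbidden("not authenticated")
    owner = TREATMENTS.get(body.get("treatment_id"))
    if owner is None or owner != session_user_id:
        # Same error for unknown and foreign ids, so the response leaks nothing.
        raise Forbidden("treatment not found")
    claimed = body.get("user_id")
    if claimed is not None and claimed != session_user_id:
        raise Forbidden("user_id does not match session")
    if credits[session_user_id] <= 0:
        raise Forbidden("no credits")
    credits[session_user_id] -= 1      # bill the session user, never the body value
    return session_user_id
```

The point of the hardened form is that `user_id` in the body becomes at most a consistency check; ownership and billing are decided from server-side state only.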