Deepfiction AI Insecure Direct Object Reference Vulnerability

Vulnerability information

Vulnerability name: Deepfiction AI Insecure Direct Object Reference Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-51867

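Vulnerability type: Unauthorized access

Severity: Medium

Vulnerability description: Deepfiction AI is an AI entertainment company dedicated to revolutionizing personalized storytelling. Its web application lets users create stories by chatting with a large language model (LLM). The application's chat component has an Insecure Direct Object Reference (IDOR) vulnerability. An attacker can exploit it to chat with the LLM using other users' credits.

The root cause is that the API endpoint https://www.deepfiction.ai/api/story/create-story-part relies solely on the treatment_id and user_id fields in the request body for access control. Testing found that the publicly accessible conversation list page https://www.deepfiction.ai/browse/stories exposes the id and author_id fields, which correspond directly to the treatment_id (mapping to id) and user_id (mapping to author_id) parameters expected by the create-story-part API. An attacker can therefore substitute the leaked id (as treatment_id) and author_id (as user_id) into requests to this API and interact with the LLM using other users' credits.

In addition, analysis of network traffic (e.g., through packet capture) can reveal the specific configuration (character settings) of each character. These configurations are analogous to system prompts and represent important system resources of the LLM ChatBot. This exposure is also a form of sensitive data leakage, as it may reveal proprietary prompt engineering details or character definitions.

This vulnerability can affect any user of https://www.deepfiction.ai. A user's chat credits may be abused through the leaked `treatment_id` and `user_id`.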

Vendor: Deepfiction AI

Product: Deepfiction AI

Source: https://github.com/Secsys-FDU/CVE-2025-51867

Type: CVE-2025:github search

Repository files

  • README.md
  • figure1.png
  • figure2.png
  • figure3.png

Source overview

CVE-2025-51867

Vulnerability description

Deepfiction AI is an AI entertainment company with a mission to revolutionize personalized storytelling. Deepfiction AI provides a web application for creating stories by chatting with an LLM, and its chat component is vulnerable to Insecure Direct Object Reference (IDOR). An attacker can exploit this IDOR to chat with the LLM using other users' credits.

Attack Vectors

The API endpoint https://www.deepfiction.ai/api/story/create-story-part is utilized to initiate or continue conversations. Testing indicates that this API solely relies on the treatment_id and user_id fields within the request body for access control.

It has been observed that id and author_id fields are exposed in publicly accessible conversations listed on the webpage https://www.deepfiction.ai/browse/stories. These exposed fields directly correspond to the treatment_id (mapping to id) and user_id (mapping to author_id) parameters expected by the create-story-part API.

As a result, an attacker can substitute the leaked id (as treatment_id) and author_id (as user_id) into requests to this API. This enables them to interact with the Large Language Model (LLM) by consuming the credits of other users. The figures show the PoC of this vulnerability.

Figure 1 IDOR

Figure 2 id leakage

Additionally, analysis of network traffic (e.g., through packet capture) can reveal the specific role configurations (character settings) for each Character. These configurations are analogous to system prompts and represent important system resources of the LLM ChatBot. This exposure also constitutes a form of sensitive data leakage, as it may reveal proprietary prompt engineering details or character definitions.

Figure 3 role configuration leakage

Vulnerability affected

This vulnerability can affect any user of https://www.deepfiction.ai. A user's chat credits can be abused through the leaked treatment_id and user_id.
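
A server-side check that closes this gap, shown beside the pattern the advisory describes. This is an added example, not code from Deepfiction AI or the linked repository; the in-memory tables, session tokens and function names are constructed assumptions.

```python
# Added illustration: every name and value here is a constructed assumption,
# not Deepfiction AI's code or data.
CREDITS = {"alice": 5, "mallory": 5}      # user_id -> remaining chat credits
TREATMENTS = {"t-100": "alice"}           # treatment_id -> author_id (publicly listed)
SESSIONS = {"tok-alice": "alice", "tok-mallory": "mallory"}  # session token -> user_id


class Forbidden(Exception):
    """Raised when a request fails authentication or authorization."""


def create_story_part_vulnerable(body):
    """Pattern from the advisory: identity is taken from the request body."""
    user_id = body["user_id"]
    # This check only compares two public values against each other.
    if TREATMENTS.get(body["treatment_id"]) != user_id:
        raise Forbidden("treatment does not belong to user_id")
    CREDITS[user_id] -= 1                 # charged to whoever the body names
    return user_id


def create_story_part_hardened(session_token, body):
    """Identity comes from the authenticated session, never from the body."""
    caller = SESSIONS.get(session_token)
    if caller is None:
        raise Forbidden("not authenticated")
    # A body user_id, if sent at all, must agree with the session.
    if "user_id" in body and body["user_id"] != caller:
        raise Forbidden("user_id does not match session")
    # Object-level check: the caller must own the treatment being continued.
    if TREATMENTS.get(body["treatment_id"]) != caller:
        raise Forbidden("caller does not own this treatment")
    if CREDITS[caller] <= 0:
        raise Forbidden("no credits left")
    CREDITS[caller] -= 1                  # only the session user is ever charged
    return caller
```

The ownership comparison in the first function passes for any caller because both of its inputs come from the public listing; the second function anchors the same comparison to a value the client cannot choose.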


Deepfiction AI Insecure Direct Object Reference Vulnerability
http://example.com/2025/07/19/github_2127563212/
Author
lianccc
Published
July 19, 2025
License