Dippy Insecure Direct Object Reference Vulnerability
Vulnerability information
Vulnerability name: Dippy Insecure Direct Object Reference Vulnerability
Vulnerability identifiers:
- CVE: CVE-2025-51868
Vulnerability type: Unauthorized access
Severity: Medium
Vulnerability description: Dippy is a popular website that lets users chat with AI characters backed by an LLM. The site's chat component contains an Insecure Direct Object Reference (IDOR) vulnerability, which an attacker can exploit to tamper with other users' conversations. Conversation histories for all users are stored on the server, but Dippy's server does not distinguish the ownership or sharing status of individual conversation histories. As a result, an attacker can reach other users' conversation histories by brute-forcing conversation IDs. The conversation ID format is predictable and easy to brute-force: it is an 8-character string made up of digits. When the attacker requests this URL with his own Authorization and the GET method, he can view the conversation history, as shown in the POC. The vulnerability can affect any user of https://chat.dippy.ai; a user's chat history may be maliciously modified via a leaked conversation_id. The root cause is that the server fails to verify the requesting user's access rights to a specific conversation history, leading to unauthorized access. This can expose user privacy and allow conversation content to be tampered with; although brute-forcing requires some technical skill on the attacker's part, the impact is broad once it succeeds.
Vendor: Dippy
Product: Dippy
Source: https://github.com/Secsys-FDU/CVE-2025-51868
Type: CVE-2025:github search
Repository files
- README.md
- figure1.png
Source overview
CVE-2025-51868
Vulnerability description
Dippy is a popular website to chat with millions of proactive AI characters. Dippy allows users to chat with characters based on LLM, and it is vulnerable to Insecure Direct Object Reference (IDOR) in its chat component. An attacker can exploit this IDOR to tamper with other users' conversations.
Attack Vectors
Conversation histories for all users are stored on the server. However, Dippy’s server does not distinguish the ownership or sharing status of individual conversation histories. Consequently, an attacker can access other users’ conversation histories by brute-forcing the conversation IDs.
The conversation ID format is predictable and susceptible to brute-force attacks. It consists of an 8-character string composed of digits (e.g., 12345678). When an attacker requests this URL with the attacker's own Authorization header and the GET method, he can then check the conversation history, as shown in the POC.
Vulnerability affected
This vulnerability can have an impact on any user of https://chat.dippy.ai. A user's chat history can be maliciously modified with a leaked conversation_id.
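The root cause described above is a missing object-level authorization check: the server looks a conversation up by its id and returns it to whichever authenticated user asked. The following is an added example (not code from Dippy or from the CVE report) showing that lookup beside a hardened version that enforces ownership and sharing status, and an unguessable id generator in place of an 8-digit one. The `Conversation` store, the user ids and the message contents are all constructed for the example.

```python
"""
Added example, not part of the original advisory or the Dippy code base.
Demonstrates the missing control behind an IDOR: object-level authorization
on conversation-history access, plus an id format that cannot be enumerated.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Conversation:
    conversation_id: str
    owner_id: str
    shared_with: set = field(default_factory=set)   # users granted read access
    messages: list = field(default_factory=list)


# Constructed in-memory store standing in for the server-side history table.
CONVERSATIONS = {
    "12345678": Conversation("12345678", "user-a", messages=["hello"]),
    "12345679": Conversation("12345679", "user-b", shared_with={"user-c"}),
}


def vulnerable_get_history(conversation_id, requester_id):
    """Vulnerable pattern: the requester is authenticated but never compared
    with the conversation's owner, so any valid id is readable by anyone."""
    conv = CONVERSATIONS.get(conversation_id)
    if conv is None:
        return None
    return conv.messages


def _may_read(conv, requester_id):
    return requester_id == conv.owner_id or requester_id in conv.shared_with


def get_history(conversation_id, requester_id):
    """Hardened: return the history only to the owner or an explicitly
    shared-with user. 'Not found' and 'not yours' produce the same result so
    the endpoint does not confirm which ids exist."""
    conv = CONVERSATIONS.get(conversation_id)
    if conv is None or not _may_read(conv, requester_id):
        return None
    return conv.messages


def append_message(conversation_id, requester_id, text):
    """Writes are owner-only; shared users may read but not modify.
    Returns True on success, False when the request is refused."""
    conv = CONVERSATIONS.get(conversation_id)
    if conv is None or requester_id != conv.owner_id:
        return False
    conv.messages.append(text)
    return True


def new_conversation_id():
    """Replace the 8-digit id (10**8 possibilities) with 128 random bits
    (22 URL-safe characters), which cannot be enumerated in practice.
    Authorization is still required; unguessable ids are defense in depth."""
    return secrets.token_urlsafe(16)


def id_space_bits(num_possible_ids):
    """Approximate entropy of an id space, for comparing formats."""
    return num_possible_ids.bit_length() - 1


if __name__ == "__main__":
    print("vulnerable, other user:", vulnerable_get_history("12345678", "user-b"))
    print("hardened, other user:  ", get_history("12345678", "user-b"))
    print("hardened, owner:       ", get_history("12345678", "user-a"))
    print("8-digit id bits:", id_space_bits(10 ** 8), "random id bits:", id_space_bits(2 ** 128))
```

The two read paths differ only in the `_may_read` test; that single comparison is what the advisory says the server lacks. The random id is a complement, not a substitute: even a 128-bit id leaks if it is shared or logged, so the ownership check stays in place regardless of id format.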