Critical severity9.8NVD Advisory· Published Sep 29, 2025· Updated Apr 15, 2026
CVE-2025-57266
CVE-2025-57266
Description
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=2.5.9 <=3.1.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.