VYPR
Critical severity9.8NVD Advisory· Published Sep 29, 2025· Updated Apr 15, 2026

CVE-2025-57266

CVE-2025-57266

Description

An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.