DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-68492: Chainlit IDOR: Stealing AI Chat History via Socket.IO

Chainlit IDOR: Stealing AI Chat History via Socket.IO

Vulnerability ID: CVE-2025-68492
CVSS Score: 4.2
Published: 2026-01-14

A classic Insecure Direct Object Reference (IDOR) vulnerability in Chainlit's Socket.IO connection handling allows authenticated users to hijack chat sessions and view sensitive history by simply supplying another user's thread ID.

TL;DR

Chainlit versions before 2.8.5 trust the client-provided threadId during the Socket.IO handshake without verifying ownership. If an attacker guesses or obtains a valid thread UUID, they can impersonate the thread owner, read chat history, and potentially manipulate the conversation state. The fix involves a mandatory ownership check during connection.


⚠️ Exploit Status: POC

Technical Details

  • CWE: CWE-639: Authorization Bypass Through User-Controlled Key
  • CVSS v3.1: 4.2 (Medium)
  • CVSS v4.0: 2.3 (Low)
  • Attack Vector: Network (Socket.IO)
  • Attack Complexity: High (Requires guessing/stealing UUID)
  • Privileges Required: Low (Authenticated User)
  • Impact: Confidentiality & Integrity (Partial)

Affected Systems

  • Chainlit Framework < 2.8.5
  • Chainlit: < 2.8.5 (Fixed in: 2.8.5)

Code Analysis

Commit: 8f1153d

Fix: check thread author in websocket connection

@@ -55,6 +55,11 @@ async def connect(sid, environ, auth):
             data_layer = get_data_layer()
             if not data_layer:
                 logger.error("Data layer is not initialized.")
                 raise ConnectionRefusedError("data layer not initialized")
+
+            if not (await data_layer.get_thread_author(thread_id) == user.identifier):
+                logger.error("Authorization for the thread failed.")
+                raise ConnectionRefusedError("authorization failed")

             await data_layer.update_thread(
                 thread_id=thread_id, user_id=user.identifier
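
Review bot: the ownership check added ahead of update_thread does not handle get_thread_author raising or returning no author for thread_id, so whether the connection is refused cleanly or fails with an unhandled exception depends entirely on the data layer. Make that case explicit: fetch the author into a variable, refuse on None or on error, then compare with != (which also reads better than not (... == ...)). The error log should include thread_id and user.identifier as well, since the bare message "Authorization for the thread failed." gives an operator nothing to correlate.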

Exploit Details

  • Manual: Manual interception of Socket.IO handshake to modify 'threadId' in auth payload.

Mitigation Strategies

  • Upgrade Chainlit to version 2.8.5 or later immediately.
  • If using a custom DataLayer, audit the get_thread_author implementation to ensure it accurately returns the owner ID.
  • Monitor logs for ConnectionRefusedError: authorization failed, which may indicate attempted exploitation.
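
One way to audit a custom data layer's get_thread_author, as an added example that is not Chainlit's code or part of the original report. GoodDataLayer, BrokenDataLayer, is_thread_owner, audit, run_audit and the sample thread data are hypothetical; only the get_thread_author method name comes from the fix.

```python
import asyncio

# Constructed sample data: thread id -> owner identifier.
THREADS = {"thread-a": "alice", "thread-b": "bob"}

class GoodDataLayer:
    """Hypothetical custom data layer that looks the author up by thread id."""
    def __init__(self, threads):
        self.threads = dict(threads)

    async def get_thread_author(self, thread_id):
        # Assumption for this example: an unknown thread yields None.
        return self.threads.get(thread_id)

class BrokenDataLayer(GoodDataLayer):
    """Hypothetical bug: the lookup ignores thread_id (a query missing its filter)."""
    async def get_thread_author(self, thread_id):
        return next(iter(self.threads.values()))

async def is_thread_owner(data_layer, thread_id, identifier):
    """The fix's ownership comparison, failing closed on errors and on None."""
    try:
        author = await data_layer.get_thread_author(thread_id)
    except Exception:
        return False
    return author is not None and author == identifier

async def audit(data_layer, threads, unknown_id="thread-does-not-exist"):
    """Return findings; an empty list means every ownership case behaved correctly."""
    findings = []
    users = sorted(set(threads.values()))
    for thread_id, owner in threads.items():
        for user in users:
            allowed = await is_thread_owner(data_layer, thread_id, user)
            if allowed != (user == owner):
                findings.append(f"{thread_id}: user {user} allowed={allowed}")
    for user in users:
        if await is_thread_owner(data_layer, unknown_id, user):
            findings.append(f"{unknown_id}: user {user} allowed on unknown thread")
    return findings

def run_audit(data_layer):
    """Synchronous wrapper so the audit can be called from a test or script."""
    return asyncio.run(audit(data_layer, THREADS))

if __name__ == "__main__":
    print("good:  ", run_audit(GoodDataLayer(THREADS)))
    print("broken:", run_audit(BrokenDataLayer(THREADS)))
```

Swap in your own data layer class and seed it with two threads owned by different test users; any non-empty result means the ownership check cannot be trusted with that implementation.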

Remediation Steps:

  1. Run pip install --upgrade chainlit in your environment.
  2. Restart the Chainlit server to reload the patched socket handler.
  3. Verify the fix by attempting to connect with a known invalid thread ID (one belonging to a different user).


Read the full report for CVE-2025-68492 on our website for more details including interactive diagrams and full exploit analysis.
