CVE-2026-25083

EUVD-2026-12343 | HIGH
2026-03-16 | jpcert
CVSS 3.0 base score: 8.3

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low

Lifecycle Timeline

EUVD ID Assigned: Mar 16, 2026 - 09:00 (euvd), EUVD-2026-12343
Analysis Generated: Mar 16, 2026 - 09:00 (vuln.today)
CVE Published: Mar 16, 2026 - 06:47 (nvd)

Description

GROWI's OpenAI thread/message API endpoints do not perform authorization checks. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper with other users' threads and messages.

Analysis

A missing-authorization vulnerability exists in GROWI's OpenAI assistant API endpoints: the thread/message endpoints perform no authorization check, so any authenticated user can access and manipulate other users' AI assistant conversations. The vulnerability affects GROWI versions 7.4.5 and earlier, enabling an attacker with low-privileged credentials to compromise the confidentiality and integrity of AI assistant threads and messages simply by knowing the assistant identifier. …


Remediation

Within 24 hours: inventory all GROWI deployments and confirm affected versions; disable or restrict access to OpenAI assistant API endpoints if operationally feasible. Within 7 days: implement network segmentation to limit assistant API access to trusted internal networks only; enable enhanced logging and monitoring of assistant API activity for detection of unauthorized access. …


Priority Score: 42

KEV: 0
EPSS: +0.0
CVSS: +42
POC: 0


CVE-2026-25083 vulnerability details – vuln.today
