CVE-2025-68492: Chainlit contains an authorization bypass vulnerability
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, an attacker who can log in to the product may view threads or obtain thread ownership.
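As an added illustration (not Chainlit's code and not taken from the fix commit), the pattern the advisory names, authorization bypass through a user-controlled key, in a hypothetical thread store: the vulnerable lookup trusts the client-supplied thread id alone, and the vulnerable update copies a client-supplied owner field onto the record; the fixed variants scope the lookup to the logged-in user and never take ownership from the request body. `Thread`, `NotFound`, `sample_store` and all function names are assumptions for the demonstration.

```python
"""Illustrative only: the CWE-639 pattern behind CVE-2025-68492 and its fix,
on a constructed in-memory thread store (not Chainlit's data layer)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Thread:
    id: str
    owner_id: str
    name: str = ""


class NotFound(Exception):
    pass


def sample_store() -> dict[str, Thread]:
    """Constructed sample data standing in for the application's thread table."""
    return {
        "t-1": Thread("t-1", owner_id="alice", name="alice's notes"),
        "t-2": Thread("t-2", owner_id="bob", name="bob's notes"),
    }


def get_thread_vulnerable(store: dict, thread_id: str, current_user: str) -> Thread:
    # Authentication happened, authorization did not: the id from the request
    # is the only input to the lookup, so any logged-in user can read any
    # thread whose id they hold. current_user is accepted but never consulted.
    thread = store.get(thread_id)
    if thread is None:
        raise NotFound(thread_id)
    return thread


def get_thread_fixed(store: dict, thread_id: str, current_user: str) -> Thread:
    # The lookup is bound to the caller: the key alone never grants access.
    thread = store.get(thread_id)
    if thread is None or thread.owner_id != current_user:
        # Same response for "absent" and "not yours", so the endpoint does
        # not confirm which ids exist.
        raise NotFound(thread_id)
    return thread


def update_thread_vulnerable(store: dict, thread_id: str, payload: dict, current_user: str) -> Thread:
    # Copies client-supplied fields straight onto the record, owner_id
    # included, so a caller can take ownership of someone else's thread.
    thread = get_thread_vulnerable(store, thread_id, current_user)
    for key, value in payload.items():
        setattr(thread, key, value)
    return thread


ALLOWED_FIELDS = {"name"}  # fields a client may edit; owner_id is not one of them


def update_thread_fixed(store: dict, thread_id: str, payload: dict, current_user: str) -> Thread:
    # Ownership is verified first, then only allow-listed fields are applied;
    # owner_id is never taken from the request body.
    thread = get_thread_fixed(store, thread_id, current_user)
    for key in payload.keys() & ALLOWED_FIELDS:
        setattr(thread, key, payload[key])
    return thread


def outcome(fn, *args) -> str:
    """Collapse a call into a short string so the two variants compare side by side."""
    try:
        t = fn(*args)
        return f"ok:{t.id}:owner={t.owner_id}"
    except NotFound:
        return "not-found"


if __name__ == "__main__":
    store = sample_store()
    # alice reading bob's thread: succeeds in the vulnerable path, denied in the fixed one
    print("vulnerable read:", outcome(get_thread_vulnerable, store, "t-2", "alice"))
    print("fixed read:     ", outcome(get_thread_fixed, store, "t-2", "alice"))
    # alice submitting owner_id in the payload for bob's thread
    print("vulnerable update:", outcome(update_thread_vulnerable, sample_store(), "t-2", {"owner_id": "alice"}, "alice"))
    print("fixed update:     ", outcome(update_thread_fixed, sample_store(), "t-2", {"owner_id": "alice"}, "alice"))
```

The defensive point is that the check lives in the data access path, not in the caller: every read and write of a thread goes through a function that takes the authenticated identity and refuses when the record is not owned by it, and writable fields are allow-listed so ownership cannot be set from client input.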
References
- github.com/Chainlit/chainlit
- github.com/Chainlit/chainlit/commit/8f1153db439eca58ae5c50c8276ba6fdd311448e
- github.com/Chainlit/chainlit/pull/2637
- github.com/Chainlit/chainlit/releases
- github.com/Chainlit/chainlit/releases/tag/2.8.5
- github.com/advisories/GHSA-v492-6xx2-p57g
- jvn.jp/en/jp/JVN34964581
- nvd.nist.gov/vuln/detail/CVE-2025-68492