CVE-2025-57266
Published
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
🎉 ThriveX 是一个年轻、高颜值、全开源、永不收费的现代化博客管理系统。它采用前后端分离开发模式,是一个 NextJS + Spring Boot 的产物
GitHub