CVE-2026-25083 in GROWI
Summary
by MITRE • 03/16/2026
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/19/2026
The vulnerability identified as CVE-2026-25083 affects GROWI versions 7.4.5 and earlier, specifically targeting the OpenAI thread and message API endpoints that lack proper authorization mechanisms. This represents a critical access control flaw that undermines the security model of the platform. The vulnerability stems from insufficient validation of user permissions when accessing AI assistant threads and messages, allowing unauthorized access to potentially sensitive conversational data.
The technical flaw manifests as a missing authorization check within the API endpoint implementations that handle OpenAI thread and message operations. When a user is logged into the system and possesses knowledge of another user's shared AI assistant identifier, they can exploit this weakness to access, view, or modify threads and messages that belong to different users. This violates fundamental principles of information security including confidentiality and integrity. The vulnerability operates at the application layer and can be classified under CWE-285, which addresses improper authorization within software systems. The flaw essentially creates a path for privilege escalation through information disclosure and data manipulation.
The operational impact of this vulnerability is significant as it enables persistent unauthorized access to user conversations and data. Attackers can potentially access sensitive information shared in AI assistant threads, including personal data, business communications, or confidential discussions. The ability to tamper with messages introduces data integrity risks that could be exploited for social engineering attacks or to corrupt the conversation history. This vulnerability affects all users who have access to shared AI assistants within the platform, creating a broad attack surface. The threat actors can leverage this weakness without requiring elevated privileges or complex exploitation techniques, making it particularly dangerous in environments where multiple users collaborate using shared AI resources.
Mitigation strategies for this vulnerability should focus on implementing robust authorization checks at all API endpoints handling AI assistant threads and messages. The platform should enforce user-specific access controls that verify the authenticated user's permissions before allowing access to any thread or message data. This includes validating that the requesting user has legitimate access rights to the specific AI assistant instance and its associated conversations. Security patches should be implemented to ensure proper authentication and authorization mechanisms are in place, preventing cross-user data access. Organizations should also consider implementing role-based access controls and audit logging to monitor access patterns and detect potential unauthorized activities. The remediation process should follow established security frameworks such as those outlined in the MITRE ATT&CK framework for privilege escalation and credential access techniques. Regular security assessments and penetration testing should be conducted to identify similar authorization flaws within the application's API endpoints and ensure that access controls remain effective against evolving threat landscapes.