Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-51867 PoC — Deepfiction AI 安全漏洞

Source
https://github.com/Secsys-FDU/CVE-2025-51867
Associated Vulnerability
Title:Deepfiction AI 安全漏洞 (CVE-2025-51867)
Description:Deepfiction AI是Deepfiction AI公司的一个人工智能平台。 Deepfiction AI 2025-06-03及之前版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致使用其他用户积分与LLM聊天。
Readme
# CVE-2025-51867
## Vulnerability description

   Deepfiction AI is an AI entertainment company with a mission to revolutionize personalized storytelling. Deepfiction AI provide a web application to create stories by chatting with LLM, which is vulnerable to Insecure Direct Object Reference (IDOR) in its chat component. An attacker can exploit this IDOR to chat with LLM with other users' credits.

## Attack Vectors

   The API endpoint `https://www.deepfiction.ai/api/story/create-story-part` is utilized to initiate or continue conversations. Testing indicates that this API solely relies on the `treatment_id` and `user_id` fields within the request body for access control.

   It has been observed that `id` and `author_id` fields are exposed in publicly accessible conversations listed on the webpage `https://www.deepfiction.ai/browse/stories`. These exposed fields directly correspond to the `treatment_id` (mapping to `id`) and `user_id` (mapping to `author_id`) parameters expected by the `create-story-part` API.

   As a result, an attacker can substitute the leaked `id` (as `treatment_id`) and `author_id` (as `user_id`) into requests to this API. This enables them to interact with the Large Language Model (LLM) by consuming the credits of other users. The figures shows the POC of this vulnerability.

   ![Figure 1 IDOR](./figure1.png)

   ![Figure 2 id leakage](./figure2.png)

   Additionally, analysis of network traffic (e.g., through packet capture) can reveal the specific role configurations (character settings) for each Character. These configurations are analogous to system prompts and represent important system resources of the LLM ChatBot. This exposure also constitutes a form of sensitive data leakage, as it may reveal proprietary prompt engineering details or character definitions.

   ![Figure 3 role configuration leakage](./figure3.png)

## Vulnerability affected

   This vulnerability can have an impact on any user of https://www.deepfiction.ai. The chat credit of user will be abused with leaked treatment_id and user_id.
File Snapshot

 [4.0K]  /data/pocs/c87553c7853ddfc41be39cd20247ecd56ff373a7
├── [321K]  figure1.png
├── [333K]  figure2.png
├── [465K]  figure3.png
└── [2.0K]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.