← Back

CVE-2025-69207

nvd nist
Published: Feb 2, 2026Modified: Feb 27, 2026

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Exploitability: 2.8 / Impact: 4.2
Source: NVD

Description

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.

Affected (16)

Products: Khoj: Khoj
Khoj
1 product
Khoj
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Khoj
Khoj
Before 2.0.0
Khoj
Version 2.0.0 beta10
Khoj
Version 2.0.0 beta11
Khoj
Version 2.0.0 beta12
Khoj
Version 2.0.0 beta13
Khoj
Version 2.0.0 beta14
Khoj
Version 2.0.0 beta15
Khoj
Version 2.0.0 beta16
Khoj
Version 2.0.0 beta17
Khoj
Version 2.0.0 beta18
Khoj
Version 2.0.0 beta19
Khoj
Version 2.0.0 beta1
Khoj
Version 2.0.0 beta20
Khoj
Version 2.0.0 beta21
Khoj
Version 2.0.0 beta22
Khoj
Version 2.0.0 beta2

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
ProductRelease Notes
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.