CVE-2025-51864: Reflected XSS in AIBOX LLM Chat Allows Account Hijacking

AIBOX LLM chat, a web application available at chat.aibox365.cn, is vulnerable to a reflected Cross-Site Scripting (XSS) attack. This flaw can be exploited to steal JWT tokens, potentially allowing attackers to fully compromise user accounts. Let's dive into the details of this vulnerability and what you need to know.

Vulnerability Details

• CVE ID: CVE-2025-51864
• Description: A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through stolen JWT tokens.

CVSS Score and Vector

• CVSS Score: 6.5 (Medium)
• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Explanation: This CVSS vector indicates that the vulnerability is accessible over the network (AV:N), requires low attack complexity (AC:L), and does not need any privileges (PR:N). However, it requires user interaction (UI:R) as the victim needs to click on a malicious link. Successful exploitation can lead to high confidentiality impact (C:H), allowing the attacker to potentially steal sensitive information. There's no impact on integrity (I:N) or availability (A:N).

Affected Vendor, Product, Version

• Vendor: Unknown (Likely AIBOX)
• Product: AIBOX LLM chat (chat.aibox365.cn)
• Version: Through 2025-05-27

CWE (Common Weakness Enumeration)

• CWE ID: CWE-79
• CWE Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Explanation: CWE-79 occurs when a web application does not properly sanitize user-supplied input before including it in the HTML output. This allows attackers to inject malicious scripts that execute in the victim's browser, enabling actions like session hijacking, defacement, or redirecting the user to a malicious website.

Timeline of Events

• 2025-05-27: Last known affected date.
• 2025-07-22: CVE Published.

Exploitability & Real-World Risk

The exploitability of this XSS vulnerability is relatively straightforward. An attacker can craft a malicious URL containing JavaScript code and trick a user into clicking it. This can be done via phishing emails, social media, or other means. If the user is logged into AIBOX LLM chat at the time, the injected script can steal their JWT token and send it to the attacker. With the stolen token, the attacker can impersonate the user and access their account, potentially accessing private conversations or performing actions on their behalf.

Given the potential for account compromise, the real-world risk is significant. If AIBOX LLM chat is used for sensitive communications or contains valuable information, the consequences of a successful attack can be severe.

Recommendations

• Patch: If a patch is available from AIBOX, apply it immediately.
• Input Sanitization: Ensure all user-supplied input is properly sanitized and validated to prevent XSS attacks.
• Content Security Policy (CSP): Implement a strict CSP to limit the sources from which scripts can be executed.
• User Education: Educate users about the risks of clicking on suspicious links and the importance of verifying the authenticity of websites.

Technical Insight

Reflected XSS vulnerabilities occur because the server doesn't properly clean up the data it gets from the user before sending it back to them. Imagine the application is echoing your search terms directly back to the page without checking for anything malicious. An attacker can inject JavaScript code in that search term, and the server will dutifully echo it back, causing it to run in the user's browser.

Credit to Researcher(s)

Credit to Secsys-FDU for discovering and reporting this vulnerability.

References

• GitHub Advisory
• CVE-2025-51864

Tags

#XSS #CrossSiteScripting #AIBOX #LLMChat #CVE202551864 #SecurityVulnerability #WebSecurity

Summary: AIBOX LLM chat is susceptible to a reflected XSS vulnerability (CVE-2025-51864). By tricking a user into clicking a malicious link, an attacker can steal their JWT token and hijack their account. Apply patches, sanitize input, and educate users to mitigate this risk.

CVE ID: CVE-2025-51864

Risk Analysis: Successful exploitation can lead to account hijacking, potentially exposing sensitive information and enabling unauthorized actions on behalf of the victim.

Recommendation: Apply patches, implement robust input sanitization, enforce a strong Content Security Policy (CSP), and educate users about phishing risks.

Timeline

• 2025-05-27: Last known affected date for AIBOX LLM chat.
• 2025-07-22: CVE-2025-51864 was published.

References

• https://github.com/Secsys-FDU/CVE-2025-51864
• https://www.cve.org/CVERecord?id=CVE-2025-51864