Is CVE-2025-63390 actively exploited?

CVE-2025-63390 has no public evidence of in-the-wild exploitation as of 2026-01-22.

What is the CVSS score for CVE-2025-63390?

CVE-2025-63390 has a CVSS score of 5.3 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

How do I patch CVE-2025-63390?

Patch guidance is available from mintplexlabs security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-63390.

Which products are affected by CVE-2025-63390?

1 product: mintplexlabs anythingllm.

CVE-2025-63390 - remediation guidance & executive summary

Description

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed data includes: workspace identifiers (id, name, slug), AI model configurations (chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters (temperature, history length, similarity thresholds), vector search settings, chat modes, and timestamps.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Weaknesses: CWE-306 · Missing Authentication

Metadata

Primary Vendor: MINTPLEXLABS
Published: 12/18/2025
Last Modified: 1/22/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mintplexlabs : anythingllm

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-63390. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-63390

View on NIST NVD

CVE-2025-63390 vulnerability