
CVE-2025-69207: Khoj AI App Auth Bypass Vulnerability

CVE-2025-69207 is an authentication bypass flaw in the Khoj AI app that allows attackers to hijack Notion integrations via an IDOR. This article covers the technical details, affected versions, security impact, and mitigation.

CVE-2025-69207 Overview

CVE-2025-69207 is an Insecure Direct Object Reference (IDOR) vulnerability in Khoj, a self-hostable artificial intelligence application. The vulnerability exists in the Notion OAuth callback endpoint, which accepts any user UUID without verifying that the OAuth flow was initiated by that user. This flaw allows an attacker to hijack any user's Notion integration by manipulating the state parameter during the OAuth callback process.

By exploiting this vulnerability, attackers can replace a victim's Notion configuration with their own, leading to data poisoning and unauthorized access to the victim's Khoj search index. The attack requires knowledge of the target user's UUID, which can potentially be leaked through shared conversations containing AI-generated images.

Critical Impact

Successful exploitation enables attackers to hijack Notion integrations, poison search data, and gain unauthorized access to victims' Khoj search indices through OAuth state parameter manipulation.

Affected Products

  • Khoj versions prior to 2.0.0-beta.23

Discovery Timeline

  • 2026-02-02 - CVE-2025-69207 published to NVD
  • 2026-02-03 - Last updated in NVD database

Technical Details for CVE-2025-69207

Vulnerability Analysis

This vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key), a common weakness where the application uses user-supplied input to directly access objects without proper authorization checks. In Khoj's implementation, the Notion OAuth callback endpoint fails to validate that the user initiating the OAuth flow is the same user completing it.

The OAuth integration relies on a state parameter that should cryptographically bind the OAuth flow to a specific user session. However, the vulnerable implementation accepts any user UUID in this parameter without verifying its authenticity. This allows an attacker who knows a victim's UUID to initiate an OAuth flow and have the resulting Notion configuration applied to the victim's account instead of their own.

The attack surface is network-accessible and requires user interaction, as the victim must have an active session or the attacker must craft a scenario where the malicious OAuth callback is processed. While the vulnerability does not directly expose confidential data, it enables integrity violations through data poisoning and limited availability impact through disruption of the victim's Notion integration.

Root Cause

The root cause is a missing authorization check in the Notion OAuth callback handler. The endpoint accepts a user UUID from the state parameter and directly uses it to update Notion configuration without verifying that the OAuth flow was legitimately initiated by that user. This violates the principle of proper state validation in OAuth implementations, where the state parameter should be cryptographically verified to prevent cross-site request forgery and authorization bypass attacks.

Attack Vector

The attack follows a multi-step process. First, the attacker must obtain the target user's UUID, which can be leaked through shared conversations where AI-generated images are present in Khoj. Once the UUID is known, the attacker initiates an OAuth flow with Notion but manipulates the state parameter to contain the victim's UUID instead of their own.

When the OAuth callback is processed, Khoj's vulnerable implementation accepts the attacker-controlled state parameter and applies the resulting Notion configuration to the victim's account. This gives the attacker control over what Notion data is indexed in the victim's Khoj instance, enabling data poisoning attacks where malicious or misleading information is injected into the victim's AI-powered search results.

The network-based attack vector with low complexity makes this vulnerability accessible to remote attackers, though user interaction is required for successful exploitation.

Detection Methods for CVE-2025-69207

Indicators of Compromise

  • Unexpected changes to Notion integration configurations in user accounts
  • OAuth callback requests with mismatched user UUIDs in state parameters compared to authenticated sessions
  • Multiple OAuth callback attempts targeting the same user UUID from different source IPs
  • Anomalous search index content that doesn't match the user's actual Notion workspace

Detection Strategies

  • Monitor OAuth callback endpoints for requests where the state parameter contains a user UUID that doesn't match the currently authenticated user
  • Implement logging of all Notion integration configuration changes with source IP and session correlation
  • Alert on OAuth flows where the initiating session differs from the completing session
  • Review shared conversation logs for potential UUID leakage through AI-generated image URLs
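The first and third detection strategies above, as an added example that is not part of this page or of Khoj: a small detector run over constructed JSON log lines of OAuth callback requests. It flags callbacks whose state carries a bare user UUID that differs from the authenticated session, and targets hit from more than one source IP. The log format and the callback path are assumptions, not Khoj's real ones.

```python
import json
import re
from collections import defaultdict

# Bare-UUID state, i.e. the unsigned form the vulnerable callback accepted.
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample log lines (assumed format; not real Khoj logs), one JSON record per request.
SAMPLE_LOG = """
{"ts":"2026-02-02T10:00:01Z","path":"/api/notion/callback","src_ip":"203.0.113.5","session_user":"11111111-1111-4111-8111-111111111111","state":"11111111-1111-4111-8111-111111111111"}
{"ts":"2026-02-02T10:02:11Z","path":"/api/notion/callback","src_ip":"198.51.100.7","session_user":"22222222-2222-4222-8222-222222222222","state":"11111111-1111-4111-8111-111111111111"}
{"ts":"2026-02-02T10:03:40Z","path":"/api/notion/callback","src_ip":"198.51.100.9","session_user":"33333333-3333-4333-8333-333333333333","state":"11111111-1111-4111-8111-111111111111"}
{"ts":"2026-02-02T10:05:00Z","path":"/api/search","src_ip":"198.51.100.9","session_user":"33333333-3333-4333-8333-333333333333","state":""}
"""

def detect(log_text: str, callback_path: str = "/api/notion/callback") -> list:
    """Return alert tuples for suspicious Notion OAuth callbacks.

    ("state_session_mismatch", target_uuid, session_user, src_ip): the UUID in
        `state` is not the authenticated user completing the flow.
    ("multi_source_target", target_uuid, ip_count): the same target UUID was
        submitted in callbacks from several source IPs.
    """
    alerts = []
    ips_by_target = defaultdict(set)
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["path"] != callback_path:
            continue
        state = rec["state"]
        if not UUID_RE.match(state):
            continue  # opaque/signed state: not the raw-UUID form this flaw relied on
        target = state.lower()
        if target != rec["session_user"].lower():
            alerts.append(("state_session_mismatch", target, rec["session_user"], rec["src_ip"]))
        ips_by_target[target].add(rec["src_ip"])
    for target, ips in ips_by_target.items():
        if len(ips) > 1:
            alerts.append(("multi_source_target", target, len(ips)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```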

Monitoring Recommendations

  • Enable detailed audit logging for all OAuth-related endpoints in Khoj
  • Implement rate limiting and anomaly detection on OAuth callback endpoints
  • Monitor for bulk or automated attempts to manipulate OAuth state parameters
  • Track changes to user integration configurations and alert on unexpected modifications

How to Mitigate CVE-2025-69207

Immediate Actions Required

  • Upgrade Khoj to version 2.0.0-beta.23 or later immediately
  • Review recent Notion integration configuration changes for signs of unauthorized modifications
  • Audit shared conversations for potential UUID exposure
  • Consider regenerating user UUIDs if compromise is suspected

Patch Information

The vulnerability is fixed in Khoj version 2.0.0-beta.23. The fix implements proper validation of the OAuth state parameter to ensure that only the user who initiated the OAuth flow can complete it. Detailed patch information is available in the GitHub commit and the release notes. For complete vulnerability details, refer to the GitHub Security Advisory GHSA-6whj-7qmg-86qj.
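The missing check described under Root Cause and the state validation the patch introduces, as an added example that is not Khoj's code or the actual patch: the unchecked pattern (whatever UUID arrives in `state` is the account updated) beside a hardened callback that only accepts a state token the server itself issued to the authenticated session. Function names, the token layout and the in-memory nonce set are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_SECRET = secrets.token_bytes(32)  # constructed; in practice a persisted server secret
_issued_nonces = set()                   # single-use nonces; in-memory stand-in for a real store

def vulnerable_callback(state: str, session_user: str) -> str:
    """The flawed pattern: the UUID in `state` is the account updated, with no
    check that the flow was started by the authenticated session."""
    return state

def make_state(session_user: str, ttl: int = 600) -> str:
    """Issue a state token bound to the user who starts the OAuth flow."""
    payload = {"uid": session_user, "nonce": secrets.token_hex(16),
               "exp": int(time.time()) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    sig = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    _issued_nonces.add(payload["nonce"])
    return f"{body}.{sig}"

def hardened_callback(state: str, session_user: str, now=None) -> str:
    """Return the UUID to update only if `state` was issued for `session_user`."""
    now = time.time() if now is None else now
    if "." not in state:
        raise PermissionError("malformed state (for example a bare UUID)")
    body, sig = state.rsplit(".", 1)
    expected = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("state signature invalid")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] < now:
        raise PermissionError("state expired")
    if payload["nonce"] not in _issued_nonces:
        raise PermissionError("state replayed or never issued")
    if payload["uid"] != session_user:
        raise PermissionError("state was not issued for this session")
    _issued_nonces.discard(payload["nonce"])  # consume: one callback per initiated flow
    return payload["uid"]

def rejects(state: str, session_user: str, now=None) -> bool:
    """True if the hardened callback refuses this (state, session) pair."""
    try:
        hardened_callback(state, session_user, now)
        return False
    except PermissionError:
        return True
```

The session-bound check is what closes the IDOR: a token issued to one user is useless when presented from another session, and a bare UUID is rejected outright.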

Workarounds

  • Temporarily disable Notion integration if upgrading is not immediately possible
  • Restrict access to Khoj instances to trusted networks only
  • Avoid sharing conversations that may contain AI-generated images, as these can leak user UUIDs
  • Implement additional network-level access controls to limit OAuth callback endpoint exposure

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
