CVE-2026-25083 Overview
CVE-2026-25083 is a Missing Authorization vulnerability affecting GROWI, an open-source wiki platform. The OpenAI thread/message API endpoints in GROWI fail to perform proper authorization checks, allowing authenticated users who know a shared AI assistant's identifier to view and tamper with other users' threads and messages. This authorization bypass (CWE-862) affects GROWI versions 7.4.5 and earlier.
Critical Impact
Authenticated attackers can access and modify other users' AI assistant conversations, potentially exposing sensitive information shared in private threads and enabling tampering with AI-generated content.
Affected Products
- GROWI v7.4.5 and earlier versions
- GROWI OpenAI integration module
- All GROWI installations with AI assistant functionality enabled
Discovery Timeline
- 2026-03-16 - CVE-2026-25083 published to NVD
- 2026-03-16 - Last updated in NVD database
Technical Details for CVE-2026-25083
Vulnerability Analysis
This vulnerability stems from a fundamental flaw in the authorization logic of GROWI's OpenAI integration API. The affected endpoints responsible for managing AI assistant threads and messages fail to verify that the requesting user has appropriate permissions to access the requested resources. While the application requires users to be logged in (authentication is present), it does not verify whether the authenticated user is authorized to access specific threads or messages belonging to other users.
The vulnerability enables horizontal privilege escalation, where an attacker with valid credentials can access resources belonging to other users at the same privilege level. The attack requires knowledge of a shared AI assistant's identifier, which may be discoverable through enumeration or leaked through other means.
Root Cause
The root cause is Missing Authorization (CWE-862) in the OpenAI thread/message API endpoints. The application fails to implement proper access control checks to verify that the requesting user owns or has permission to access the specified thread or message resources. This is a classic Broken Access Control vulnerability where object-level authorization is not enforced.
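The following is an added illustration of the missing object-level check described above, not GROWI's own code: a minimal in-memory model of assistant threads with a hypothetical handler that only verifies login and assistant id (the CWE-862 pattern), beside a hardened handler that also enforces ownership on every read and write. The thread shape, user ids and route wiring are assumptions for the example.

```javascript
// Added example, not GROWI's code. Constructed in-memory store: each thread belongs to
// one user and is attached to a (possibly shared) assistant id.
const threads = new Map([
  ['thread-1', { id: 'thread-1', assistantId: 'asst-shared', ownerId: 'alice', messages: ['hello'] }],
  ['thread-2', { id: 'thread-2', assistantId: 'asst-shared', ownerId: 'bob', messages: ['private notes'] }],
]);

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Vulnerable pattern (CWE-862): the caller must be logged in and the thread must belong to
// the named assistant, but nothing ties the thread to the requesting user. Any authenticated
// user who knows the shared assistant id can read every thread attached to it.
function getThreadVulnerable(user, assistantId, threadId) {
  if (!user) throw new HttpError(401, 'login required');
  const thread = threads.get(threadId);
  if (!thread || thread.assistantId !== assistantId) throw new HttpError(404, 'not found');
  return thread;
}

// Hardened pattern: object-level authorization on every access. A thread owned by someone
// else is reported as 404 rather than 403 so the response does not confirm the id exists.
function getThreadHardened(user, assistantId, threadId) {
  if (!user) throw new HttpError(401, 'login required');
  const thread = threads.get(threadId);
  if (!thread || thread.assistantId !== assistantId || thread.ownerId !== user.id) {
    throw new HttpError(404, 'not found');
  }
  return thread;
}

// The write path reuses the same check, so tampering with another user's messages is
// rejected by the same rule as reading them.
function appendMessageHardened(user, assistantId, threadId, text) {
  const thread = getThreadHardened(user, assistantId, threadId);
  thread.messages.push(text);
  return thread.messages.length;
}

// Small helper that reduces a handler call to the HTTP status it would produce.
function statusOf(fn) {
  try { fn(); return 200; } catch (e) { return e instanceof HttpError ? e.status : 500; }
}

// Hypothetical Express wiring (not executed here): the authenticated user comes from the
// session, never from the request body or query string, and errors map to HTTP responses.
function expressHandler(fn) {
  return (req, res) => {
    try {
      const body = fn(req.user, req.params.assistantId, req.params.threadId, req.body && req.body.text);
      res.status(200).json(body);
    } catch (e) {
      res.status(e instanceof HttpError ? e.status : 500).json({ error: e.message });
    }
  };
}
```

The point of the hardened version is that the ownership test sits in the same function every route uses, so a new endpoint cannot forget it; a per-route check is exactly what tends to go missing.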
Attack Vector
The attack is network-based and requires low privileges (authenticated user account). An attacker with a valid user session can exploit this vulnerability by directly accessing API endpoints for threads and messages associated with a shared AI assistant identifier. The attacker does not require any user interaction to exploit this flaw.
The exploitation process involves:
- Authenticating to the GROWI application with valid credentials
- Obtaining or guessing a shared AI assistant identifier
- Making direct API requests to thread/message endpoints with the target identifier
- Viewing confidential conversation data or modifying existing messages
Since no verified code examples are available for this vulnerability, organizations should consult the JVN Security Advisory JVN46373837 for detailed technical information about the affected API endpoints and exploitation mechanics.
Detection Methods for CVE-2026-25083
Indicators of Compromise
- Unusual API access patterns to OpenAI thread/message endpoints from single user accounts accessing multiple different AI assistant identifiers
- Log entries showing authenticated users accessing thread resources they did not create
- Anomalous read/write operations on AI assistant conversations outside normal usage patterns
- Multiple failed or successful API calls to thread endpoints with sequential or enumerated identifiers
Detection Strategies
- Implement application-level logging for all OpenAI API endpoint access, including user ID, requested resource ID, and action performed
- Monitor for users accessing thread/message resources associated with AI assistants they have not interacted with before
- Configure alerts for high-volume API requests to thread/message endpoints from individual user accounts
- Review access logs for patterns indicating identifier enumeration attempts
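As an added example of the detection strategies listed above (it is not a GROWI feature), the script below runs over a few constructed application log lines in the assumed format "timestamp user= action= assistant= thread= status=" and flags two of the patterns from the indicators: a user reading or updating a thread that a different user created, and a single account touching many distinct or sequentially numbered thread ids. The log format, field names and thresholds are assumptions.

```javascript
// Added example, not GROWI code. Constructed sample log; the format assumes the
// application-level logging recommended above (user id, resource id, action, status).
const SAMPLE_LOG = `
2026-03-16T09:00:01Z user=alice action=create assistant=asst-shared thread=thread-101 status=201
2026-03-16T09:00:05Z user=bob action=create assistant=asst-shared thread=thread-102 status=201
2026-03-16T09:01:10Z user=alice action=read assistant=asst-shared thread=thread-101 status=200
2026-03-16T09:02:00Z user=mallory action=read assistant=asst-shared thread=thread-101 status=200
2026-03-16T09:02:01Z user=mallory action=read assistant=asst-shared thread=thread-102 status=200
2026-03-16T09:02:02Z user=mallory action=read assistant=asst-shared thread=thread-103 status=404
2026-03-16T09:02:03Z user=mallory action=read assistant=asst-shared thread=thread-104 status=404
2026-03-16T09:02:04Z user=mallory action=update assistant=asst-shared thread=thread-102 status=200
`.trim();

// Parse one "ts key=value key=value ..." line into an object.
function parseLine(line) {
  const [ts, ...pairs] = line.trim().split(/\s+/);
  const rec = { ts };
  for (const pair of pairs) {
    const [k, v] = pair.split('=');
    rec[k] = v;
  }
  rec.status = Number(rec.status);
  return rec;
}

// Longest run of consecutive numeric suffixes among the thread ids a user touched;
// a long run is the enumeration signature from the indicators list.
function longestSequentialRun(threadIds) {
  const nums = [...new Set(
    threadIds.map(t => Number((t.match(/(\d+)$/) || [])[1])).filter(Number.isFinite)
  )].sort((a, b) => a - b);
  let best = nums.length ? 1 : 0;
  let run = 1;
  for (let i = 1; i < nums.length; i++) {
    run = nums[i] === nums[i - 1] + 1 ? run + 1 : 1;
    if (run > best) best = run;
  }
  return best;
}

// Walk the log once. Ownership is learned from 'create' events; any later successful
// non-create action on that thread by another user is a cross-user access finding.
function analyzeLog(text, { enumThreshold = 3 } = {}) {
  const records = text.split('\n').filter(Boolean).map(parseLine);
  const owners = new Map();          // thread id -> creating user
  const perUserThreads = new Map();  // user -> list of thread ids touched
  const findings = [];
  for (const r of records) {
    if (r.action === 'create') owners.set(r.thread, r.user);
    if (!perUserThreads.has(r.user)) perUserThreads.set(r.user, []);
    perUserThreads.get(r.user).push(r.thread);
    const owner = owners.get(r.thread);
    if (r.action !== 'create' && owner && owner !== r.user && r.status < 400) {
      findings.push({ type: 'cross-user-access', user: r.user, thread: r.thread, owner, action: r.action, ts: r.ts });
    }
  }
  for (const [user, list] of perUserThreads) {
    const distinct = new Set(list).size;
    const run = longestSequentialRun(list);
    if (distinct >= enumThreshold || run >= enumThreshold) {
      findings.push({ type: 'enumeration', user, distinctThreads: distinct, sequentialRun: run });
    }
  }
  return findings;
}
```

Failed (4xx) requests are excluded from the cross-user rule because they did not expose data, but they still count toward the enumeration rule, which is where a probing account shows up first. In a real deployment the thread-to-owner map would come from the database rather than from earlier log lines.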
Monitoring Recommendations
- Enable detailed audit logging for all AI assistant-related API endpoints in GROWI
- Deploy web application firewall (WAF) rules to detect and alert on suspicious API access patterns
- Implement rate limiting on thread/message API endpoints to slow enumeration attempts
- Regularly review application logs for unauthorized access attempts to AI conversation resources
How to Mitigate CVE-2026-25083
Immediate Actions Required
- Update GROWI to the latest patched version that addresses this authorization vulnerability
- Audit existing AI assistant threads and messages for evidence of unauthorized access
- Review and restrict access to shared AI assistant identifiers until the patch is applied
- Consider temporarily disabling the OpenAI integration feature if immediate patching is not possible
Patch Information
GROWI has released a security update addressing this vulnerability. Organizations should update to the latest version as soon as possible. For detailed patch information and upgrade instructions, refer to the Growi News Update and the JVN Security Advisory JVN46373837.
Workarounds
- Disable the OpenAI/AI assistant integration feature until the patch can be applied
- Implement network-level access controls to restrict API endpoint access to trusted networks
- Use a reverse proxy or WAF to add authorization checks at the network layer for affected endpoints
- Review and minimize the number of users with access to shared AI assistants
Organizations unable to immediately patch should implement network segmentation and enhanced monitoring while planning their upgrade path. Contact GROWI support for additional guidance on securing installations prior to patching.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

