CVE-2025-48491: Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in
Summary
CVE-2025-48491 is a vulnerability in Project AI, a platform for creating AI agents, where a hardcoded API key (a secret credential stored directly in the code rather than kept separate) was exposed in versions before the pre-beta release. This means attackers could potentially find and misuse this key to access the system without proper authorization.
Vulnerability Details
EPSS: 0.2%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-48491
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%