CVE-2025-50708 is a high-severity vulnerability identified in Perplexity AI GPT-4 version 2.51.0. The flaw allows a remote attacker to obtain sensitive information by exploiting the token component embedded within the shared chat URL. Specifically, the vulnerability relates to an information disclosure issue (CWE-200), where the token used to authenticate or authorize access to chat sessions is exposed in the URL. Since URLs can be logged, cached, or intercepted, an attacker who gains access to such a URL can retrieve the token and subsequently access sensitive chat data without requiring any authentication or user interaction. The CVSS 3.1 base score of 7.5 reflects the vulnerability's characteristics: it is remotely exploitable over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality (C:H) without affecting integrity or availability. The vulnerability is unpatched as of the published date (July 18, 2025), and no known exploits have been reported in the wild yet. The lack of affected version details beyond the stated version 2.51.0 suggests that the issue may be limited to this release or closely related versions. The root cause likely stems from insecure handling of authentication tokens in URLs, which is a common security anti-pattern, as URLs are often exposed in browser histories, logs, and referrer headers, increasing the risk of token leakage.

For European organizations using Perplexity AI GPT-4 v2.51.0, this vulnerability poses a significant risk to the confidentiality of sensitive information exchanged via the platform. Since the token in the shared chat URL can be exploited remotely without authentication or user interaction, attackers could potentially access confidential conversations, intellectual property, or personal data shared within the AI chat sessions. This could lead to data breaches, regulatory non-compliance (notably under GDPR), reputational damage, and potential legal consequences. Organizations in sectors such as finance, healthcare, legal, and government, which often handle sensitive data, are particularly at risk. Furthermore, the exposure of tokens in URLs may facilitate lateral movement or further attacks if attackers leverage the disclosed information to gain deeper access. Although no known exploits are reported yet, the ease of exploitation and high confidentiality impact necessitate urgent attention. The vulnerability also undermines trust in AI-powered communication tools, which are increasingly integrated into European enterprise workflows.

To mitigate this vulnerability, European organizations should immediately audit their use of Perplexity AI GPT-4, particularly version 2.51.0, and avoid sharing chat URLs containing sensitive tokens until a patch is available. Organizations should implement strict access controls and monitoring around the use of shared chat URLs. As a best practice, tokens should never be transmitted via URLs; instead, secure cookies or authorization headers should be used. If possible, disable or restrict the feature that generates shareable URLs with embedded tokens. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block suspicious requests containing exposed tokens. Organizations should also educate users about the risks of sharing URLs containing sensitive tokens and encourage secure communication practices. Monitoring logs for unusual access patterns related to shared chat URLs can help detect exploitation attempts. Finally, organizations should track vendor advisories for patches or updates addressing this vulnerability and apply them promptly once available.