
CVE-2025-63390: n/a

0
Medium
Type: Vulnerability
Tags: CVE-2025-63390, cve, cve-2025-63390
Published: Thu Dec 18 2025 (12/18/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed data includes: workspace identifiers (id, name, slug), AI model configurations (chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters (temperature, history length, similarity thresholds), vector search settings, chat modes, and timestamps.

AI-Powered Analysis

Last updated: 01/22/2026, 19:15:19 UTC

Technical Analysis

CVE-2025-63390 identifies an authentication bypass vulnerability in AnythingLLM version 1.8.5, specifically targeting the /api/workspaces REST API endpoint. The vulnerability arises because the endpoint does not enforce authentication or authorization checks, allowing any remote attacker to access it without credentials. Through this endpoint, attackers can enumerate all configured workspaces and retrieve extensive details including workspace IDs, names, slugs, AI model configurations (such as chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters like temperature, history length, similarity thresholds, vector search configurations, chat modes, and timestamps. This information leakage can facilitate reconnaissance activities, enabling attackers to understand the AI models and operational parameters in use, which could be leveraged for further targeted attacks or social engineering. The CVSS 3.1 base score is 5.3 (medium severity), reflecting that the vulnerability is remotely exploitable without authentication or user interaction but only impacts confidentiality with no direct impact on integrity or availability. No patches or known exploits are currently reported. The weakness is classified under CWE-306 (Missing Authentication for Critical Function). The vulnerability was reserved on 2025-10-27 and published on 2025-12-18. Given the sensitive nature of AI model configurations and operational parameters, unauthorized disclosure could undermine organizational security or intellectual property protection.

Potential Impact

For European organizations, the primary impact of CVE-2025-63390 is the unauthorized disclosure of sensitive AI workspace configuration data. This can lead to increased risk of targeted attacks, including social engineering, spear phishing, or exploitation of AI model weaknesses. Organizations relying heavily on AnythingLLM for AI-driven services or internal automation may face intellectual property exposure and loss of competitive advantage. Although the vulnerability does not allow direct modification or disruption of services, the leaked data could be used to craft more sophisticated attacks or identify other vulnerabilities. In regulated sectors such as finance, healthcare, or critical infrastructure, exposure of operational parameters and system prompts may also raise compliance and privacy concerns. The medium severity rating suggests a moderate risk, but the potential for chained attacks or insider threats leveraging this information increases the overall threat landscape. European entities with AI deployments should consider this vulnerability a significant information disclosure risk that could indirectly impact confidentiality and operational security.

Mitigation Recommendations

To mitigate CVE-2025-63390, organizations should immediately implement strict authentication and authorization controls on the /api/workspaces endpoint of AnythingLLM. This includes enforcing token-based authentication, role-based access control (RBAC), and ensuring that only authorized users or services can query workspace configurations. Network-level restrictions such as IP whitelisting or VPN access can further reduce exposure. Monitoring and logging access to this API endpoint should be enabled to detect any unauthorized attempts. If a patch becomes available from the vendor, it should be applied promptly. In the absence of a patch, organizations can consider deploying web application firewalls (WAFs) with custom rules to block unauthenticated access to the endpoint. Additionally, sensitive configuration data should be minimized or encrypted at rest and in transit. Regular security audits and penetration testing focusing on API security can help identify similar issues proactively. Finally, educating developers and administrators about secure API design and the importance of authentication checks is critical to prevent recurrence.
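The token check and denial logging recommended above can be enforced in front of the application while no patch is available. The following is an added example, not AnythingLLM code or a vendor fix: a deny-by-default gate for /api/workspaces that canonicalises the path before matching, so the rule is not sidestepped by case, slash or encoding variants. The names gate, canonicalPath and tokenMatches, the single shared bearer token, and the req.remoteAddress field are assumptions made for illustration.

```javascript
// Added example: deny-by-default gate for /api/workspaces at a proxy layer.
const nodeCrypto = require('node:crypto');

const PROTECTED_PREFIX = '/api/workspaces';

// Canonicalise before matching. Express-style routers match case-insensitively
// and accept a trailing slash by default, so a literal string rule is too narrow.
function canonicalPath(rawUrl) {
  let path = rawUrl.split('?')[0].split('#')[0];
  try { path = decodeURIComponent(path); } catch { return null; } // malformed %-encoding
  const out = [];
  for (const seg of path.toLowerCase().split('/')) {
    if (seg === '' || seg === '.') continue;   // collapse "//" and "/./"
    if (seg === '..') out.pop(); else out.push(seg);
  }
  return '/' + out.join('/');
}

// Compare SHA-256 digests so timingSafeEqual always receives equal-length buffers.
function tokenMatches(presented, expected) {
  const h = (s) => nodeCrypto.createHash('sha256').update(s).digest();
  return nodeCrypto.timingSafeEqual(h(presented), h(expected));
}

// Structured record for the monitoring pipeline (field names are hypothetical).
function deny(req, reason) {
  return { event: 'workspace_api_denied', reason, method: req.method,
           url: req.url, src: req.remoteAddress };
}

// Returns { status, log }. status 0 means "forward the request upstream".
function gate(req, expectedToken) {
  const path = canonicalPath(req.url);
  if (path === null) return { status: 400, log: deny(req, 'malformed-path') };
  const isProtected = path === PROTECTED_PREFIX ||
                      path.startsWith(PROTECTED_PREFIX + '/');
  if (!isProtected) return { status: 0, log: null };
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
  if (!m) return { status: 401, log: deny(req, 'missing-credentials') };
  if (!tokenMatches(m[1], expectedToken)) {
    return { status: 403, log: deny(req, 'bad-token') };
  }
  return { status: 0, log: null };
}
```

Denied requests carry a reason field, so an alert can be keyed on repeated missing-credentials events for this endpoint.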


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6944242d4eb3efac36964743

Added to database: 12/18/2025, 3:56:29 PM

Last enriched: 1/22/2026, 7:15:19 PM

Last updated: 2/6/2026, 8:26:33 AM
