Khoj-ai's khoj is a self-hostable AI application that integrates with Notion via OAuth. Versions prior to 2.0.0-beta.23 contain an authorization bypass vulnerability (CVE-2025-69207) classified as CWE-639 (Authorization Bypass Through User-Controlled Key). The flaw exists in the Notion OAuth callback endpoint, which improperly validates the 'state' parameter and accepts any user UUID without verifying that the OAuth flow was initiated by that user. This allows an attacker who knows a victim's UUID to manipulate the OAuth callback, hijacking the victim's Notion integration. The UUID can be leaked through shared conversations containing AI-generated images, which expose the identifier. By hijacking the integration, attackers can replace the victim's Notion configuration with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. The vulnerability does not impact confidentiality directly but affects integrity and availability of the victim's indexed data. Exploitation requires no privileges but does require user interaction during the OAuth process. The vulnerability is fixed in khoj version 2.0.0-beta.23. No known exploits are reported in the wild as of the publication date.

For European organizations using khoj versions prior to 2.0.0-beta.23 with Notion integrations, this vulnerability poses a risk of unauthorized modification of their Notion configurations and poisoning of their AI search indexes. This can lead to corrupted or manipulated search results, undermining data integrity and trust in AI-driven insights. Although confidentiality is not directly compromised, the integrity and availability of critical indexed data can be severely impacted, potentially disrupting workflows that rely on accurate AI search functionality. Organizations handling sensitive or regulated data may face compliance risks if data poisoning leads to incorrect or misleading information being surfaced. The requirement for user interaction and knowledge of UUIDs somewhat limits the attack surface, but UUID leakage via shared AI-generated images increases exposure. This threat is particularly relevant for organizations leveraging khoj for knowledge management and AI-assisted workflows integrated with Notion.

European organizations should immediately upgrade all khoj instances to version 2.0.0-beta.23 or later to remediate this vulnerability. Additionally, organizations should audit shared content, especially AI-generated images in conversations, to identify and limit UUID exposure. Implement strict access controls and monitoring on the OAuth callback endpoints to detect unusual or unauthorized OAuth flows. Employ network-level protections such as Web Application Firewalls (WAFs) to detect and block suspicious manipulation of OAuth parameters. Educate users on the risks of sharing AI-generated content that may leak sensitive identifiers. Regularly review and rotate OAuth credentials and tokens to limit the impact of potential hijacking. Finally, conduct penetration testing focused on OAuth flows and IDOR vulnerabilities to proactively identify similar weaknesses.