CVE-2025-57266

An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.

More information : https://gist.github.com/candyb0x/fccc49a989473b7f1e47479619eaf1ca