Description

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a responsibility over protecting the data of their application.

INFO

Published Date :

2025-05-30T00:00:00.000Z

Last Modified :

2025-08-21T02:28:45.607Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48757 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48757.

URL Resource
https://docs.lovable.dev/changelog cve-icon cve-icon
https://gist.github.com/lhchavez/625ee42a6c408a850d35e50f8e649de9 cve-icon cve-icon cve-icon
https://mattpalmer.io/posts/CVE-2025-48757/ cve-icon cve-icon
https://mattpalmer.io/posts/statement-on-CVE-2025-48757/ cve-icon cve-icon
https://x.com/danialasaria/status/1911862269996118272 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact