CVE-2025-69207

Feb. 3, 2026, 4:44 p.m.

5.4
Medium

Description

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.

Product(s) Impacted

Vendor Product Versions
Khoj
  • Khoj
  • 2.0.0-beta.23, *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a khoj khoj 2.0.0-beta.23 / / / / / / /
a khoj khoj / / / / / / / /

References

https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b
https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23
https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj

Tags

[email protected]
CWE-639
2026-02-02
CVE-2025-69207

CVSS Score

5.4 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

    View Vector String

Timeline

Published: Feb. 2, 2026, 11:16 p.m.
Last Modified: Feb. 3, 2026, 4:44 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.