cvedb.io
CVE-2025-48757
CRITICAL · CVSS 9.3
EPSS exploitation probability: 0%
Published 2025-05-30T03:15:20.893 · Last modified 2026-06-17T09:30:17.293

Summary

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a responsibility over protecting the data of their application.

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.