
Wiz Exposes Major Access Bypass Vulnerability in AI-Driven Vibe Coding Platform Base44

Cybersecurity researchers have revealed a major vulnerability in the popular AI-based coding platform Base44. The flaw, which has since been patched, could have allowed attackers unauthorized access to users’ private applications.

According to cloud security firm Wiz, the vulnerability could be exploited simply by providing a non-secret app_id to specific endpoints tied to registration and email verification. By doing this, an attacker could create a verified account and gain full access to private applications and the data associated with them, bypassing all authentication measures, including Single Sign-On (SSO).

Wiz disclosed the issue on July 9, 2025, and within 24 hours, Base44’s parent company, Wix, had released a fix. Fortunately, there is no evidence that this flaw was exploited maliciously before the patch was applied.

Base44 uses a "vibe coding" methodology powered by AI, which generates application code from text prompts. However, this discovery highlights a critical blind spot in security as traditional paradigms struggle to keep pace with the rising popularity of AI tools in corporate settings.

The vulnerability stemmed from misconfigurations that exposed two key authentication endpoints without restrictions:

  • api/apps/{app_id}/auth/register: Used for user registration with an email address and password.
  • api/apps/{app_id}/auth/verify-otp: Used for user verification with a one-time password (OTP).

Both endpoints allowed access with only the app_id, which is not secret and can be found in the application’s URL and manifest files. This meant an attacker could use another application’s app_id to register an account, verify their email, and then access applications they should not be able to reach.

Gal Nagli, a security researcher, noted that once an email address was confirmed, the attacker could log in via SSO on the application page, thereby bypassing the necessary authentication.
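The missing check can be shown in a few lines. The sketch below is an added example, not Base44 or Wiz code: the App fields (private, sso_only, invited), the function names and the sample data are assumptions made for illustration, and the OTP is passed in by the caller where a real service would generate it server-side. It sets a handler that trusts the app_id alone beside one that consults the app's own access policy on both the register and verify-otp steps.

```python
import hmac
from dataclasses import dataclass, field

class Forbidden(Exception):
    """The app's access policy rejected the sign-up."""

@dataclass
class App:
    app_id: str                 # public: appears in URLs and manifests
    private: bool = False       # hypothetical: owner restricted access
    sso_only: bool = False      # hypothetical: accounts come only from the IdP
    invited: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # email -> issued OTP
    members: set = field(default_factory=set)

def sample_apps():
    """Constructed sample data, not real Base44 apps."""
    return {
        "pub-001": App("pub-001"),
        "priv-002": App("priv-002", private=True, invited={"alice@corp.example"}),
        "sso-003": App("sso-003", private=True, sso_only=True),
    }

def register_unrestricted(apps, app_id, email, otp):
    """Flaw as described: app_id alone selects the app, no policy check."""
    apps[app_id].pending[email.lower()] = otp
    return True

def authorize_signup(app, email):
    """Policy gate shared by the register and verify-otp handlers."""
    if app is None:
        raise Forbidden("unknown app")
    if app.sso_only:
        raise Forbidden("password sign-up disabled for SSO-only app")
    if app.private and email.lower() not in app.invited:
        raise Forbidden("email not invited to private app")

def register_checked(apps, app_id, email, otp):
    authorize_signup(apps.get(app_id), email)
    apps[app_id].pending[email.lower()] = otp
    return True

def verify_otp_checked(apps, app_id, email, otp):
    # Re-check policy: verification must not become a second way in.
    app = apps.get(app_id)
    authorize_signup(app, email)
    issued = app.pending.get(email.lower())
    if issued is None or not hmac.compare_digest(issued, otp):
        return False
    app.members.add(email.lower())
    del app.pending[email.lower()]
    return True
```

The point of the shared authorize_signup gate is that the decision depends on the target app's configuration, never on whether the caller happens to know its identifier.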

This vulnerability emerges alongside growing concerns regarding security in AI systems. Researchers have noted that advanced AI models are increasingly susceptible to jailbreaking and prompt injection attacks, which undermine their intended security measures.

Recent attacks reported include:

  • Faulty context file validation leading to silent execution of malicious code in Gemini CLI.
  • Code execution from specially crafted emails in Claude Desktop.
  • Jailbreaking xAI’s Grok 4 model through prompt injection to elicit harmful responses without explicit inputs.

"The rapid evolution of AI development requires integrating security measures at the foundational level of these platforms, rather than treating them as an afterthought," Nagli emphasized.

As security risks continue to evolve, traditional protections may fall short. Firms need to adopt innovative approaches like toxic flow analysis to predict and mitigate vulnerabilities tied to AI systems. Researchers have also identified significant risk factors tied to AI frameworks, such as unprotected servers that expose sensitive data.

As the landscape of AI development continues to change, vigilance and proactive measures remain essential to protect data and uphold security standards across applications and enterprises.

