cbcvebase.
CVE-2025-48757
published 2025-05-30

CVE-2025-48757: An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database…

PriorityP260critical9.3CVSS 3.1
AVNACLPRNUINSCCHILAN
EPSS
0.71%
48.8th percentile
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a responsibility over protecting the data of their application.

Affected

1 ranges
VendorProductVersion rangeFixed in
lovablelovable<= 2025-04-15
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.