Subj : Another top vibe coding platform has some worrying security flaws To : All From : TechnologyDaily Date : Wed Jul 30 2025 17:15:07 Another top vibe coding platform has some worrying security flaws - here's what we know Date: Wed, 30 Jul 2025 16:03:00 +0000 Description: Experts warn of a way to access other peoples private app data on Base44. FULL STORY ======================================================================Research ers find Base44's "vibe coding" platform contained security flaw This allowed threat actors to access data that should be private The bug was squashed within 24 hours with no signs of abuse Vibe coding platform Base44 contained a major security vulnerability which could have allowed unauthorized users to access other peoples private applications, experts have warned. The issue was discovered in early July 2025 by security pros from Wiz Research, who explained how exposed API endpoints on Base44s platform allowed threat actors to create a verified account on private apps using nothing more than app_id, a piece of code that is publicly visible. Normally, authentication systems ask for strong credentials, and means of identity verification , but Base44s setup apparently lets anyone bypass those checks using just that one code. One could think of it like showing up to a locked office building, shouting Im here for app_id 12345, and the doors would open - no questions asked. Vibe coding Attackers could easily grab an app_Id from public files, and use it to register through unsecured API routes, accessing apps that handle sensitive employee data and company communications. The vulnerability could have affected enterprise apps handling HR and personally identifiable information (PII), internal chatbots and knowledge bases, as well as automation tools used in day-to-day operations. Once Wiz discovered the flaw, it reached out to Wix, the company which owns Base44 , who fixed it within a day. Wix added it found no signs of abuse by threat actors. The researchers also identified vulnerable apps and reached out to some of the affected companies directly. Vibe coding is a relatively new slang term for coding with the help of generative AI and through natural language rather than writing actual code. A developer will discuss their ideas and needs with the AI, which would come back with code. It has gained a lot of popularity lately, but news such as this one highlight that the method is not without its risks. Since the background infrastructure is shared, there is always a risk of information leaking somewhere. Via Infosecurity Magazine You might also like Understanding the vibe coding trend and considerations for developers Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/another-top-vibe-coding-platform-has-so me-worrying-security-flaws-heres-what-we-know --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .