Friday, August 1, 2025

Serious Flaw in Critical AI Vibe Coding Platform Compromises User Privacy and App Security

Security researchers at Wiz have revealed a critical vulnerability in Base44, an AI-powered development platform recently acquired by Wix for $80 million. Announced on July 29, 2025, the flaw permitted unauthorized access to private enterprise applications through a simple exploit: supplying a non-secret app_id was enough to bypass all authentication controls, including Single Sign-On (SSO). Discovered through public domain reconnaissance, the vulnerability resided in the platform's registration and email verification endpoints, which allowed attackers to create verified accounts without authorization and thereby exposed sensitive data. Following responsible disclosure, Wiz reported the issue on July 9, prompting Wix to implement a fix within 24 hours. Wix confirmed no evidence of prior exploitation. The incident underscores substantial security risks in AI development platforms and the need for rigorous security measures as such technologies gain traction across enterprises.
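The flaw class described above, modelled next to a deny-by-default fix. This is an added example, not code from Base44, Wix or Wiz: the app ids, sample tenants, policy functions and the register gate are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    app_id: str                      # public identifier: shows up in URLs, never a secret
    private: bool = False
    sso_required: bool = False
    invited: frozenset = frozenset()

# Constructed sample tenants (hypothetical).
APPS = {
    "app-public-001": App("app-public-001"),
    "app-invite-002": App("app-invite-002", private=True,
                          invited=frozenset({"alice@example.com"})),
    "app-sso-003": App("app-sso-003", private=True, sso_required=True),
}

def flawed_policy(app_id, email, sso_verified=False):
    """Pattern described above: a valid app_id alone authorises registration."""
    return app_id in APPS

def hardened_policy(app_id, email, sso_verified=False):
    """Deny by default; app_id only selects which app's policy applies."""
    app = APPS.get(app_id)
    if app is None:
        return False
    if app.sso_required:
        # Self-service sign-up and email verification are closed for SSO apps;
        # only a caller whose IdP assertion was already validated may proceed.
        return sso_verified
    if app.private:
        return email.strip().lower() in app.invited
    return True

def register(policy, app_id, email, sso_verified=False):
    """Shared gate for both the sign-up and the verify-email handlers."""
    if not policy(app_id, email, sso_verified):
        return {"status": 403, "verified": False}
    return {"status": 201, "verified": True}

if __name__ == "__main__":
    for app_id in APPS:
        for policy in (flawed_policy, hardened_policy):
            print(app_id, policy.__name__,
                  register(policy, app_id, "outsider@example.net"))
```

Routing both handlers through one gate matters here because the article places the flaw in two endpoints; a check added to only one of them leaves the other path open.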
