- Researchers find that the “vibe coding” platform Base44 contained a security flaw
- This allowed threat actors to access data that should have been private
- The bug was patched within 24 hours, with no signs of abuse
The vibe coding platform Base44 contained a major security vulnerability that could have allowed unauthorized users to access other people’s private applications, experts have warned.
The problem was discovered in early July 2025 by security professionals at Wiz Research, who explained how API endpoints exposed on the Base44 platform allowed threat actors to create a verified account on private applications using nothing more than an app_id, an identifier that is publicly visible.
Normally, authentication systems demand strong credentials and some means of identity verification, but Base44’s configuration apparently allowed anyone to bypass those checks using only that identifier. Think of it as showing up at a locked office building, shouting “I am here for app_id 12345”, and having the doors open, no questions asked.
Coding environments
Attackers could easily obtain an app_id from public files and use it to “register” through insecure API routes, gaining access to applications that handle confidential employee data and company communications.
The vulnerability could have affected enterprise applications that handle HR data and personally identifiable information (PII), internal chatbots and knowledge bases, as well as automation tools used in daily operations.
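The class of flaw described above, shown as an added example (not code from Base44, Wix or Wiz): a registration routine that treats the public app_id as the only gate, next to one way to harden it. The `App` model, function names and sample addresses are hypothetical and constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

class Denied(Exception):
    """One error for every refusal, so responses do not reveal which check failed."""

@dataclass
class App:
    app_id: str                                   # public identifier, not a secret
    private: bool
    invited: set = field(default_factory=set)     # emails approved by the app owner
    members: dict = field(default_factory=dict)   # email -> verified flag
    pending: dict = field(default_factory=dict)   # email -> one-time token

def sample_app() -> App:
    # Constructed sample data: a private HR app with a single invited user.
    return App("app-12345", private=True, invited={"hr@corp.example"})

def register_vulnerable(app: App, email: str) -> bool:
    # Flawed pattern: whoever knows app_id gets a verified account.
    app.members[email] = True
    return app.members[email]

def register_hardened(app: App, email: str) -> str:
    # Private apps only accept identities the owner has already approved.
    if app.private and email not in app.invited:
        raise Denied("registration refused")
    token = secrets.token_urlsafe(32)
    app.members[email] = False        # account exists but holds no access yet
    app.pending[email] = token
    return token                      # assumed to be delivered to the mailbox only

def verify_hardened(app: App, email: str, token: str) -> bool:
    # Verification requires proof of mailbox control; the token is single use.
    expected = app.pending.get(email)
    if expected is None or not hmac.compare_digest(expected.encode(), token.encode()):
        raise Denied("registration refused")
    del app.pending[email]
    app.members[email] = True
    return True

def can_access(app: App, email: str) -> bool:
    # Access to a private app requires a verified membership.
    return not app.private or app.members.get(email, False)
```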
Once Wiz discovered the flaw, it contacted Wix, the company that owns Base44, which fixed it within a day.
Wix added that it found no signs of abuse by threat actors. The researchers also identified vulnerable applications and reached out directly to some of the affected companies.
Vibe coding is a relatively new slang term for coding with the help of generative AI, using natural language instead of writing actual code. A developer discusses their ideas and needs with the AI, which returns the code. It has gained a lot of popularity lately, but news like this underlines that the method is not without risks.
Since the underlying infrastructure is shared, there is always a risk that information leaks somewhere.
Via Infosecurity Magazine