Another top vibe coding platform has some worrying security flaws - here's what we know
Base44 flaw could have allowed access to other users' private data

- Researchers find Base44's "vibe coding" platform contained security flaw
- This allowed threat actors to access data that should be private
- The bug was squashed within 24 hours with no signs of abuse
Vibe coding platform Base44 contained a major security vulnerability which could have allowed unauthorized users to access other people’s private applications, experts have warned.
The issue was discovered in early July 2025 by security pros from Wiz Research, who explained how exposed API endpoints on Base44’s platform allowed threat actors to create a verified account on private apps using nothing more than app_id, a piece of code that is publicly visible.
Normally, authentication systems ask for strong credentials and some means of identity verification, but Base44’s setup apparently let anyone bypass those checks using just that one code. One could think of it like showing up to a locked office building, shouting “I’m here for app_id 12345”, and having the doors open - no questions asked.
Vibe coding
Attackers could easily grab an app_id from public files, and use it to “register” through unsecured API routes, accessing apps that handle sensitive employee data and company communications.
The vulnerability could have affected enterprise apps handling HR and personally identifiable information (PII), internal chatbots and knowledge bases, as well as automation tools used in day-to-day operations.
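An added illustration of the flaw class described above, not Base44's or Wiz's code: a registration handler that treats a publicly visible app_id as sufficient, beside one that also requires an owner-issued invite for private apps. The app names, the signing key and the invite scheme are hypothetical assumptions made for this example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data: hypothetical apps and a hypothetical signing key.
INVITE_KEY = b"constructed-demo-key"
APPS = {
    "app-public-001": {"visibility": "public"},
    "app-private-002": {"visibility": "private"},
}


def make_invite(app_id: str, email: str) -> str:
    """Invite issued by the app owner, bound to one app and one email."""
    msg = f"{app_id}:{email.lower()}".encode()
    return hmac.new(INVITE_KEY, msg, hashlib.sha256).hexdigest()


def register_weak(app_id: str, email: str) -> dict:
    """Flawed pattern: knowing a valid app_id is the only requirement."""
    if app_id not in APPS:
        return {"ok": False, "reason": "unknown app"}
    return {"ok": True, "app_id": app_id, "email": email, "verified": True}


def register_checked(app_id: str, email: str,
                     invite: Optional[str] = None) -> dict:
    """Corrected pattern: app_id only selects the app; access needs proof."""
    app = APPS.get(app_id)
    if app is None:
        return {"ok": False, "reason": "unknown app"}
    if app["visibility"] == "private":
        expected = make_invite(app_id, email)
        # Constant-time comparison; a missing or wrong invite is rejected.
        if invite is None or not hmac.compare_digest(
                invite.encode(), expected.encode()):
            return {"ok": False, "reason": "invite required"}
        return {"ok": True, "app_id": app_id, "email": email, "verified": True}
    # Public apps allow self-registration, but the email is not yet verified.
    return {"ok": True, "app_id": app_id, "email": email, "verified": False}
```
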
Once Wiz discovered the flaw, it reached out to Wix, the company which owns Base44, which fixed it within a day.
Wix added it found no signs of abuse by threat actors. The researchers also identified vulnerable apps and reached out to some of the affected companies directly.
Vibe coding is a relatively new slang term for coding with the help of generative AI and through natural language rather than writing actual code. A developer will discuss their ideas and needs with the AI, which would come back with code. It has gained a lot of popularity lately, but news such as this highlights that the method is not without its risks.
Since the background infrastructure is shared, there is always a risk of information leaking somewhere.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.