CVE-2025-48757 Information

Description

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.

Reference

https://docs.lovable.dev/changelog https://gist.github.com/lhchavez/625ee42a6c408a850d35e50f8e649de9 https://mattpalmer.io/posts/CVE-2025-48757/ https://x.com/danialasaria/status/1911862269996118272