Critical Vulnerability in Lovable’s Security Policies Allows Malicious Code Injection
Security researchers have uncovered a widespread vulnerability in Lovable’s AI-powered development platform that exposes sensitive user data and enables malicious code injection across hundreds of applications.
The critical vulnerability, discovered on March 20, 2025, affects the platform’s implementation of Row Level Security (RLS) policies, potentially compromising personal information of thousands of users.
The security breach was first identified while examining Linkable, a Lovable-built website for generating profiles from LinkedIn data.

Researchers discovered that modifying simple database queries granted unauthorized access to all user data in the project’s database tables.
When initially reported on Lovable’s Twitter account, the company denied the issue and subsequently deleted both their response tweets and the vulnerable site.
Further investigation revealed the scope extends far beyond a single application.
Researchers developed an automated scanning tool that analyzed 1,645 projects from Lovable’s showcase platform, “Lovable Launched”.
The scan identified 303 vulnerable endpoints across 170 projects—approximately 10.3% of all analyzed applications—with inadequate security configurations.
The exposed data includes highly sensitive information such as Google Maps API tokens, Gemini API keys, eBay authentication tokens, user databases, financial transactions, and subscription details.
Particularly concerning are endpoints like /functions/v1/get-google-maps-token and /rest/v1/rpc/get_gemini_api_key, which expose developer credentials that could lead to unauthorized access to third-party services.
Data Theft and Malicious Injection
The vulnerability stems from Lovable’s client-driven architecture, which relies heavily on external services for backend operations.
Applications built on the platform often lack proper RLS configurations, creating a security gap where frontend controls can be bypassed to directly access or modify database contents.
Researchers demonstrated the severity by successfully injecting malicious data into the Linkable database, including setting "payment_status": "paid" to bypass Stripe payment integration.
This attack was executed by removing authorization headers from requests, changing the security context from authenticated to unauthenticated users, thereby circumventing all access controls.
The platform’s recently introduced “security scanner” provides only superficial protection, checking for the existence of RLS policies rather than their correctness or alignment with application logic.
This creates a false sense of security while failing to detect the fundamental misconfigurations that expose user data.
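The following is an added illustration, not code from the article or from Lovable, of the "policy exists but is wrong" condition the article describes, with the corrected configuration and an audit query beside it. It assumes a Supabase-style Postgres backend with anon/authenticated roles and an auth.uid() helper (the article does not name the backend), and a constructed profiles table.

```sql
-- Constructed example table as a Lovable-style app might define it.
create table profiles (
  id             uuid primary key,
  user_id        uuid not null,
  display_name   text,
  payment_status text not null default 'unpaid'
);
alter table profiles enable row level security;

-- WEAK: RLS is enabled and a policy exists, so an existence-only scanner
-- passes. But the policy applies to every role (anon included) and every
-- row, so a request with the Authorization header removed can still read all
-- rows and write payment_status = 'paid'.
create policy "open" on profiles
  for all to public using (true) with check (true);

-- CORRECTED: drop the permissive policy, scope rows to the caller's identity
-- (auth.uid() is assumed to return the authenticated user's id), and keep
-- payment_status writable only by the trusted server-side role.
drop policy "open" on profiles;
create policy "own rows read" on profiles
  for select to authenticated using (user_id = auth.uid());
create policy "own rows write" on profiles
  for update to authenticated
  using (user_id = auth.uid()) with check (user_id = auth.uid());
-- Column privileges: table-level UPDATE must be revoked before a
-- column-level grant narrows what clients may change.
revoke update on profiles from anon, authenticated;
grant update (display_name) on profiles to authenticated;
-- anon receives no policy at all, so unauthenticated requests see nothing.

-- AUDIT: list policies whose row filter is literally true or that apply to
-- every role; these are the misconfigurations an existence check misses.
select schemaname, tablename, policyname, roles, cmd, qual, with_check
from pg_policies
where qual in ('true', '(true)')
   or with_check in ('true', '(true)')
   or roles = '{public}';
```

Run the audit query as a superuser or the table owner; an empty result means no blanket-permissive policies remain on the schema.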
Company Response
Despite multiple disclosure attempts, Lovable’s response has been inadequate.
The company confirmed receipt of the initial vulnerability report on March 21, 2025, but never provided a substantive response.
A follow-up formal disclosure was sent on April 14, 2025, establishing a 45-day disclosure window.
The urgency increased when a Palantir engineer independently discovered and publicly disclosed the same vulnerability on social media, demonstrating active exploitation including extraction of personal debt amounts, home addresses, and API keys.
Lovable released “Lovable 2.0” with enhanced security scanning on April 24, 2025, but this update failed to address the underlying architectural vulnerability.
With no meaningful remediation or user notification from Lovable by the deadline, security researchers published a formal CVE disclosure on May 29, 2025.
The incident highlights critical concerns about secure-by-default configurations in AI-assisted development platforms handling sensitive user data.