Security researchers at Wiz have uncovered a critical vulnerability in the popular AI-powered development platform Base44 that could have allowed unauthorized access to private enterprise applications, the company announced in a blog post published July 29, 2025.
Major Security Breach in Vibe Coding Platform
The vulnerability affected Base44, a “vibe coding” platform recently acquired by Wix for $80 million in June 2025, which enables users to build applications using natural language prompts rather than traditional programming.
The flaw was remarkably simple to exploit, requiring only a non-secret app_id value to bypass all authentication controls, including Single Sign-On (SSO) protections.
According to Wiz researcher Gal Nagli, the vulnerability was discovered through reconnaissance of Base44’s publicly accessible domains, where researchers identified Swagger-UI interfaces that exposed internal API documentation.
The critical flaw existed in the platform’s registration and email verification endpoints, which allowed attackers to create verified accounts for private applications without proper authorization.
“This effectively bypassed all given authentication controls that Base44 provided, including Single Sign-On (SSO), granting full access to what were intended to be private enterprise applications and the sensitive data they might have contained,” Nagli explained.
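A minimal model of the missing check described above, as an added example that is not code from Base44, Wix or Wiz: the function names, the app ids and the `sso_only` flag are assumptions. It contrasts handlers that treat a known app_id as authorization with handlers that enforce the app's access policy on both registration and email verification.

```python
import hmac
import secrets
from dataclasses import dataclass, field

class Denied(Exception):
    """The app's access policy forbids this request."""

@dataclass
class App:
    app_id: str      # public identifier, not a credential
    sso_only: bool   # True: accounts may only come from the identity provider
    pending: dict = field(default_factory=dict)  # email -> emailed one-time code
    verified: set = field(default_factory=set)

# Constructed sample tenants; ids and the sso_only flag are hypothetical.
APPS = {a.app_id: a for a in (App("pub-001", False), App("priv-002", True))}

def register_flawed(app_id, email):
    # Flawed pattern: knowing app_id is treated as authorization.
    code = APPS[app_id].pending[email] = secrets.token_hex(4)
    return code  # stands in for the code sent to the mailbox

def verify_flawed(app_id, email, code):
    app = APPS[app_id]
    if hmac.compare_digest(app.pending.get(email, ""), code):
        app.verified.add(email)
    return email in app.verified

def _app_allowing_signup(app_id):
    app = APPS.get(app_id)
    if app is None:
        raise Denied("unknown app")
    if app.sso_only:
        raise Denied("self-registration is disabled for SSO-only apps")
    return app

def register(app_id, email):
    app = _app_allowing_signup(app_id)
    code = app.pending[email] = secrets.token_hex(4)
    return code

def verify(app_id, email, code):
    # Policy is enforced again: each endpoint is reachable on its own.
    app = _app_allowing_signup(app_id)
    expected = app.pending.pop(email, None)
    if expected is None or not hmac.compare_digest(expected, code):
        raise Denied("invalid or expired code")
    app.verified.add(email)
    return True
```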

Swift Response and Resolution
Following responsible disclosure practices, Wiz reported the vulnerability to both Base44 and Wix on July 9, 2025.
The companies responded quickly, implementing a complete fix within 24 hours of notification.
Wix confirmed that their investigation found no evidence of malicious exploitation or past abuse of the vulnerability.
“The security and privacy of our users are paramount,” a Wix spokesperson stated.
“Immediately upon being notified by the Wiz research team about a potential vulnerability, we conducted a thorough investigation and took swift, decisive action to remediate the issue.”
Broader Security Implications
The discovery highlights significant security risks in the rapidly expanding AI-powered development sector.
Wiz researchers emphasized that vibe coding platforms create shared-risk models where all applications run on vendor infrastructure, meaning “a single flaw in the platform’s core instantly jeopardizes every single application built upon it.”
The vulnerability particularly concerned security experts due to its low technical barrier for exploitation and the sensitive data many enterprises store on these platforms, including internal chatbots, HR operations, and knowledge bases.
This incident underscores the need for robust security frameworks as AI development platforms gain enterprise adoption, with researchers noting that traditional security discussions often overlook fundamental authentication controls in favor of AI-specific threats.