Description
The Large Language Model (LLM) has disclosed a list of internal tools and their descriptions upon receiving specially crafted queries. This information exposure can aid attackers in reconnaissance, potentially enabling more targeted attacks or further vulnerability enumeration.
Remediation
Configure the LLM to restrict or sanitize responses regarding its internal tools and capabilities. Implement validation checks or filters to detect and prevent sensitive information disclosure.
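One way to implement the response filter described above, as an added example (not code from the scanner or from any LLM framework). The tool registry, refusal text and the 4-word overlap threshold are constructed assumptions; the filter checks each model response for internal tool identifiers or fragments of their descriptions before it is returned to the user.

```python
import re

# Constructed tool registry (hypothetical names and descriptions).
TOOLS = {
    "lookup_order": "Fetches an order record from the internal orders database by order id.",
    "issue_refund": "Issues a refund to the original payment method for a given order id.",
    "search_kb": "Searches the internal knowledge base and returns matching articles.",
}
REFUSAL = "I can't share details about my internal tooling."  # assumed wording


def _words(text):
    # Split camelCase, then lower-case and tokenise, so lookup_order,
    # lookupOrder and "lookup order" all normalise to the same words.
    text = re.sub(r"([a-z])([A-Z])", r"\1 \2", text)
    return re.findall(r"[a-z0-9]+", text.lower())


def _shingles(words, n):
    # Set of consecutive n-word windows; empty when the text is shorter than n.
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}


def find_tool_disclosure(response, tools=TOOLS, n=4):
    """Return {tool_name: "name" | "description"} for each tool the response exposes."""
    words = _words(response)
    joined = " " + " ".join(words) + " "
    resp_shingles = _shingles(words, n)
    hits = {}
    for name, description in tools.items():
        if " " + " ".join(_words(name)) + " " in joined:
            hits[name] = "name"
        # Any n consecutive words copied from a description counts as a leak.
        if _shingles(_words(description), n) & resp_shingles:
            hits[name] = "description"
    return hits


def filter_response(response, tools=TOOLS):
    """Return (text_to_send, hits); the response is replaced when any tool leaks."""
    hits = find_tool_disclosure(response, tools)
    return (REFUSAL if hits else response), hits
```

The returned `hits` dictionary is meant to be logged, so repeated enumeration attempts against the model show up in monitoring as well as being blocked.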
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)
MongoDB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6494)
Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-21147)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.15)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-4360)