Description

The Large Language Model (LLM) has disclosed a list of internal tools and their descriptions upon receiving specially crafted queries. This information exposure can aid attackers in reconnaissance, potentially enabling more targeted attacks or further vulnerability enumeration.

Remediation

Configure the LLM to restrict or sanitize responses regarding its internal tools and capabilities. Implement validation checks or filters to detect and prevent sensitive information disclosure.

References

OWASP Top 10 for LLM Applications 2025

Related Vulnerabilities

WordPress 5.8 Multiple Vulnerabilities (5.8)

WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.24)

WordPress Plugin Unyson Information Disclosure (2.7.18)

Reachable SharePoint interface

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N