Impact
Spring AI's chat memory component files every conversation under a default identifier that is not tied to any particular user. When an application does not explicitly override that identifier, all users' messages land in one shared conversation, so any user (an attacker included) could read messages belonging to other users, because the stored history is replayed into the model's context on every request. The result is a confidentiality breach in which private chat data is exposed across user boundaries. The root cause is an insecure default value; the weakness is classed both as information exposure and as incorrect privilege management.
Affected Systems
The affected product is VMware Spring AI, specifically the chat memory feature, which assigns a conversation to DEFAULT_CONVERSATION_ID whenever no explicit conversation ID is supplied. The vulnerability applies to all releases that rely on this default behavior; no specific affected or fixed version details are currently available.
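The mechanism described above, as an added example that is not part of this advisory or of the Spring AI project. It assumes Spring AI 1.0.x, where ChatMemory.DEFAULT_CONVERSATION_ID is "default" and the conversation for a request is selected through the ChatMemory.CONVERSATION_ID advisor parameter; the class name, the "user:" prefix and the askShared/askIsolated method names are hypothetical. The vulnerable method omits the conversation ID and so shares one history between all callers; the hardened method derives the ID from the server-side principal. The two static checks exercise the ChatMemory store directly (no model needed) to show the collision and its absence.

```java
// Added example: not from the advisory or the Spring AI project. Assumes Spring AI 1.0.x.
import java.util.List;

import org.springframework.ai.chat.client.ChatClient;
import org.springframework.ai.chat.client.advisor.MessageChatMemoryAdvisor;
import org.springframework.ai.chat.memory.ChatMemory;
import org.springframework.ai.chat.memory.MessageWindowChatMemory;
import org.springframework.ai.chat.messages.Message;
import org.springframework.ai.chat.messages.UserMessage;
import org.springframework.ai.chat.model.ChatModel;

public class ChatMemoryIsolation {   // hypothetical class name

    private final ChatClient chatClient;
    private final ChatMemory chatMemory;

    public ChatMemoryIsolation(ChatModel chatModel) {
        this.chatMemory = MessageWindowChatMemory.builder().build();
        this.chatClient = ChatClient.builder(chatModel)
                .defaultAdvisors(MessageChatMemoryAdvisor.builder(chatMemory).build())
                .build();
    }

    // VULNERABLE: no conversation ID is set, so the advisor stores and replays history
    // under ChatMemory.DEFAULT_CONVERSATION_ID for every caller of this method.
    public String askShared(String userText) {
        return chatClient.prompt()
                .user(userText)
                .call()
                .content();
    }

    // HARDENED: key the memory on a server-side identity (the authenticated principal),
    // never on a value the client supplies in the request.
    public String askIsolated(String principalName, String userText) {
        String conversationId = "user:" + principalName;   // hypothetical naming scheme
        return chatClient.prompt()
                .user(userText)
                .advisors(a -> a.param(ChatMemory.CONVERSATION_ID, conversationId))
                .call()
                .content();
    }

    // Constructed check: two users whose requests carried no ID collide in the store,
    // so the second user's context already contains the first user's message.
    public static boolean defaultIdIsShared() {
        ChatMemory memory = MessageWindowChatMemory.builder().build();
        memory.add(ChatMemory.DEFAULT_CONVERSATION_ID,
                new UserMessage("alice: my account number is 1234"));   // constructed input
        memory.add(ChatMemory.DEFAULT_CONVERSATION_ID,
                new UserMessage("bob: hello"));                          // constructed input
        List<Message> bobContext = memory.get(ChatMemory.DEFAULT_CONVERSATION_ID);
        return bobContext.size() == 2;   // true: alice's message is in bob's history
    }

    // Constructed check: per-principal IDs keep the histories apart.
    public static boolean perUserIdIsIsolated() {
        ChatMemory memory = MessageWindowChatMemory.builder().build();
        memory.add("user:alice", new UserMessage("my account number is 1234"));
        memory.add("user:bob", new UserMessage("hello"));
        return memory.get("user:bob").size() == 1;   // true: only bob's own message
    }

    public static void main(String[] args) {
        System.out.println("default id shared across users: " + defaultIdIsShared());
        System.out.println("per-user id isolated:           " + perUserIdIsIsolated());
    }
}
```

Two caveats for practitioners. First, the conversation ID must be derived from server-side state (the authenticated principal, a session bound to that principal), not taken from a request parameter, otherwise one user can read another's history simply by guessing or supplying their ID. Second, the constant names for the conversation ID parameter changed between Spring AI milestone releases and 1.0, so confirm the key your version expects; a misspelled or stale key silently falls back to the shared default, which is exactly the condition this advisory describes.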
Risk and Exploitability
The CVSS score of 7.5 (High) reflects an impact confined to confidentiality. The EPSS score of 0.00035 (about 0.04%) indicates a very low but non-zero probability of exploitation, and the vulnerability is not listed in CISA's KEV catalog, so there is limited evidence of exploitation to date. Nonetheless, no special capability is needed: any user, authenticated or not, who can send messages through an application that leaves the default conversation identifier in place shares that conversation's history with every other such user. The most probable attack path is therefore ordinary use of the chat interface itself; once the default is shared across users, data leaks without any action beyond normal use.
OpenCVE Enrichment
Github GHSA