HackerTrans
TopNewTrendsCommentsPastAskShowJobs

etlun

no profile record

Submissions

AI Autonomously Finds 7 FFmpeg Vulnerabilities

zeropath.com
11 points·by etlun·vor 7 Monaten·1 comments

Better-auth account takeover (CVE-2025-61928) found via ZeroPath

zeropath.com
9 points·by etlun·vor 9 Monaten·4 comments

comments

etlun
·vor 9 Monaten·discuss
Author here, we found it while building & documenting automated dependency assessment workflows for ZeroPath recently. Better-Auth made for a good test case given its popularity (300K weekly downloads).

The vulnerability is a logic error in how the API keys plugin determines user context when a userId is specified. Fix is in version 1.3.26. This is the kind of business logic flaw that traditional dependency vetting (stars, existing CVEs, reputation) doesn't catch. We're working on tooling to make these audits more practical at scale.
etlun
·vor 9 Monaten·discuss
Hi, I'm Etienne, one of the cofounders @ ZeroPath.

We do not use traditional static analyzers; our engine was built from the ground up to use LLMs as a primitive. The issues ZeroPath identified in Joshua's post were indeed surfaced and triaged by AI.

If you're interested in how it works under the hood, some of the techniques are outlined here: https://zeropath.com/blog/how-zeropath-works