Critical Security Vulnerability (CVE-2025-48757) in Row-Level Security (RLS) (critical) A critical vulnerability (CVE-2025-48757) was discovered in Lovable’s implementation of Row-Level Security (RLS) policies on March 20, 2025. This flaw had the potential to allow unauthorized access to sensitive data at the row level, undermining access control and exposing sensitive user data across over 170 applications built on the platform.. Confirmed Data Exposure Incident via Security Flaw (critical) A security engineer managed to 'hack' multiple websites listed on Lovable’s own recommendation page in 47 minutes, successfully finding and exposing sensitive data, including 'personal debt amounts, home...' This incident confirms the real-world impact of the platform's security weaknesses.. Significant Discrepancy in Reported Revenue vs. ARR (high) The company profile lists current Revenue at $3.8 M, with 18 employees and $400.2 M in total funding. However, multiple recent articles claim the company achieved $75M ARR (Annual Recurring Revenue) in just 7 months (as of June 2025). This massive discrepancy between reported Revenue and ARR figures requires immediate clarification and raises concerns about financial reporting accuracy or the sustainability/definition of the ARR metric.. Active Litigation: DocuSign Threatens/Files Legal Action (high) American e-signature giant DocuSign has threatened and/or initiated legal action against Lovable (specifically Lovable’s AI Copilot product) for helping users automate repetitive tasks within DocuSign, suggesting potential intellectual property or competitive infringement claims.. Active Litigation: Lovably Inc. v. Lovable Labs Inc. (high) Lovable Labs Inc. is actively listed as a defendant in a lawsuit filed by Lovably Inc. (Case 1:2025cv06614) in the U.S. District Court, Southern District of New York.