Broken Object Property Level Authorization in Go (Gin) [CVE-2025-13997]

Broken Object Property Level Authorization (BOPLA) vulnerabilities occur when an API returns object properties that an attacker should not be allowed to see. While many examples focus on full-resource access, BOPLA extends to partial exposure where sensitive fields such as keys, tokens, or internal metadata are included in responses. The CVE-2025-13997 case demonstrates the broader risk pattern: an unauthenticated service exposed API keys by embedding them into HTML/response content in a WordPress plugin, highlighting how easily secrets can leak when strict property-level controls are absent. In Go with Gin, the risk manifests when a handler marshals internal models directly or uses shared DTOs that include sensitive fields. If the caller is not authorized to see a particular property but the API negotiates or filters only at the resource level rather than the property level, an attacker could infer or access the extra properties via crafted requests. Remediation is to enforce per-property access checks, isolate response shapes via DTOs, and avoid serializing internal fields. For code remediation, implement explicit response types that whitelist fields, apply an authorization function per property, and consider role-based or policy-based checks. Also include tests and code-analysis to enforce property-level redaction.