CVE-2025-0189

High CVSS: 7.5

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

Vendor

Aimstack

Product

Aim

CWE

CWE-770

Yayın Tarihi

2025-03-20 10:15:51

Güncelleme

2025-10-15 13:16:00

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-770 Aim HIGH Aimstack 2025

Referanslar

https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e

Benzer Kayıtlar

High

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims bro…

High

CVE-2025-51463

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's fi…

Medium

CVE-2025-5321

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function R…

High

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` object…

Critical

CVE-2024-8769

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file d…

Medium

CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0.…