CVE-2025-0190

High CVSS: 7.5

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

Vendor

Aimstack

Product

Aim

CWE

CWE-1049

Yayın Tarihi

2025-03-20 10:15:51

Güncelleme

2025-03-28 14:28:25

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-1049 Aim HIGH Aimstack 2025

Referanslar

https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70

Benzer Kayıtlar

High

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims bro…

High

CVE-2025-51463

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's fi…

Medium

CVE-2025-5321

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function R…

High

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides…

Critical

CVE-2024-8769

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file d…

Medium

CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0.…