CVE-2025-5321

Medium CVSS: 5.3

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Aimstack

Product

Aim

CWE

CWE-264

Yayın Tarihi

2025-05-29 15:15:34

Güncelleme

2025-09-19 17:17:50

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-264 Aim MEDIUM Aimstack 2025

Referanslar

https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c https://vuldb.com/?ctiid.310492 https://vuldb.com/?id.310492 https://vuldb.com/?submit.580253

Benzer Kayıtlar

High

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims bro…

High

CVE-2025-51463

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's fi…

High

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides…

High

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` object…

Critical

CVE-2024-8769

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file d…

Medium

CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0.…