CVE-2025-0190

Exploit

EPSS 0.14%
Veröffentlicht 20.03.2025 10:08:48
Zuletzt bearbeitet 28.03.2025 14:28:25
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aimstack ≫ Aim Version3.25.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@huntr.dev	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1049 Excessive Data Query Operations in a Large Data Table

The product performs a data query with a large number of joins and sub-queries on a large data table.

https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-0190

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0190

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0190

EUVD