7.5

CVE-2025-0190

Exploit

Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.
Data is provided by the National Vulnerability Database (NVD)
Aimstack Aim Version 3.25.0
No alert was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.435 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| security@huntr.dev | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

CWE-1049 Excessive Data Query Operations in a Large Data Table

The product performs a data query with a large number of joins and sub-queries on a large data table.

https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70
Third Party Advisory
Exploit