CVE-2025-5321

Exploit

EPSS 0.05%
Veröffentlicht 29.05.2025 15:15:34
Zuletzt bearbeitet 19.09.2025 17:17:50
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aimstack ≫ Aim SwPlatformpython Version <= 3.29.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.159

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.310492

VDB Entry

Permissions Required

https://vuldb.com/?id.310492

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.580253

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2025-5321

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5321

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5321

EUVD