CVE-2025-0190

Published Mar 20, 2025

Last updated 7 days ago

CVSS high 7.5

Overview

Description: In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.
Source: security@huntr.dev
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

security@huntr.dev: CWE-1049
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

CVE-2025-0190 In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through … https://t.co/8czfAhvKdG
@CVEnew
22 Mar 2025
314 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:aimstack:aim:3.25.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9850B23-8420-4636-8BCF-DBFB56C51026"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References