CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aimstack:aim:3.25.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-03-28 14:28

NVD link : CVE-2025-0190

Mitre link : CVE-2025-0190

CVE.ORG link : CVE-2025-0190

JSON object : View

Products Affected

aimstack

aim

CWE

CWE-1049

Excessive Data Query Operations in a Large Data Table

NVD-CWE-Other

{"id": "CVE-2025-0190", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:51.780", "references": [{"url": "https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1049"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service."}, {"lang": "es", "value": "En la versi\u00f3n 3.25.0 de aimhubio/aim, existe una vulnerabilidad de denegaci\u00f3n de servicio. Al rastrear una gran cantidad de objetos `Text` y consultarlos simult\u00e1neamente a trav\u00e9s de la API web, el servidor web de Aim deja de responder a otras solicitudes durante un per\u00edodo prolongado mientras procesa y devuelve estos objetos. Esta vulnerabilidad puede explotarse repetidamente, lo que provoca una denegaci\u00f3n de servicio completa."}], "lastModified": "2025-03-28T14:28:25.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9850B23-8420-4636-8BCF-DBFB56C51026"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}