CVE-2025-49653

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://hiddenlayer.com/sai_security_advisor/2025-06-backendai/

Configurations

No configuration.

History

11 Jun 2025, 13:15

Type	Values Removed	Values Added
References	~~{'url': 'https://hiddenlayer.com/sai_security_advisor/2025-05-backendai-49653/', 'source': '6f8de1f0-f67e-45a6-b68f-98777fdb759c'}~~	() https://hiddenlayer.com/sai_security_advisor/2025-06-backendai/ -
Summary		(es) La exposición de datos confidenciales en sesiones activas en BackendAI de Lablup permite a los atacantes recuperar las credenciales de los usuarios en la plataforma de administración.

09 Jun 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-09 18:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-49653

Mitre link : CVE-2025-49653

CVE.ORG link : CVE-2025-49653

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

8.0 /10