CVE-2025-0190
Published: 20 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-0190 is a denial of service vulnerability affecting version 3.25.0 of aimhubio/aim. The flaw occurs when a large number of Text objects are tracked and then queried simultaneously through the web API, causing the Aim web server to become unresponsive to other requests for an extended period while processing and returning these objects. It is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-1049 and NVD-CWE-Other.
The vulnerability can be exploited by any unauthenticated attacker with network access to the Aim web server; it requires low attack complexity and no user interaction. By tracking large volumes of Text objects and then issuing simultaneous queries for them via the web API, an attacker can keep the server busy serialising and returning those objects, leaving it unresponsive to other users' requests for an extended period.
Mitigation details and additional information are available in the advisory published on Huntr at https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70.
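As an added example (not code from aimhubio/aim or from the Huntr advisory), the following Python sketches the two server-side controls that address the pattern above: a hard cap on the number of objects returned per request, with a continuation cursor so a large result set is paid for across many small requests, and a non-blocking per-client limit on concurrent heavy queries so excess requests are refused with 429 instead of queueing behind each other. `TextStore`, `InflightGate`, `handle_text_query` and the two numeric limits are hypothetical and assumed for the example; the in-memory store and the 5,000 tracked objects are constructed and stand in for Aim's real storage and API.

```python
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed limits for this example; tune them to the server's real capacity.
MAX_PAGE_SIZE = 100            # objects returned per request, whatever the client asks for
MAX_INFLIGHT_PER_CLIENT = 4    # heavy queries one client may have in progress at once


@dataclass
class TextRecord:
    run: str
    step: int
    text: str


class TextStore:
    """In-memory stand-in for tracked Text objects (constructed; not aim's storage)."""

    def __init__(self) -> None:
        self._records: List[TextRecord] = []

    def track(self, run: str, step: int, text: str) -> None:
        self._records.append(TextRecord(run, step, text))

    def query_all(self, run: str) -> List[TextRecord]:
        # Unbounded query: every matching object is materialised and returned in
        # one response. With enough tracked objects this is the CWE-1049 pattern
        # the advisory describes: one request occupies the server for a long time.
        return [r for r in self._records if r.run == run]

    def query_page(self, run: str, offset: int, limit: int) -> Tuple[List[TextRecord], Optional[int]]:
        # Bounded query: clamp the page size regardless of the requested limit and
        # return a cursor, so large result sets cost the client many requests
        # rather than the server one very long one.
        limit = max(1, min(limit, MAX_PAGE_SIZE))
        matching = [r for r in self._records if r.run == run]
        page = matching[offset:offset + limit]
        next_offset = offset + limit if offset + limit < len(matching) else None
        return page, next_offset


class InflightGate:
    """Per-client cap on concurrent heavy requests. Non-blocking: work over the
    budget is refused immediately instead of queueing and starving other clients."""

    def __init__(self, max_inflight: int = MAX_INFLIGHT_PER_CLIENT) -> None:
        self._max = max_inflight
        self._lock = threading.Lock()
        self._inflight: Dict[str, int] = {}

    def try_acquire(self, client: str) -> bool:
        with self._lock:
            if self._inflight.get(client, 0) >= self._max:
                return False
            self._inflight[client] = self._inflight.get(client, 0) + 1
            return True

    def release(self, client: str) -> None:
        with self._lock:
            self._inflight[client] = max(0, self._inflight.get(client, 0) - 1)


def handle_text_query(store: TextStore, gate: InflightGate, client: str,
                      run: str, offset: int = 0, limit: int = MAX_PAGE_SIZE) -> Tuple[int, dict]:
    """Hypothetical request handler: returns (HTTP status, JSON-like body)."""
    if offset < 0:
        return 400, {"error": "offset must be non-negative"}
    if not gate.try_acquire(client):
        # Refused before any work is done: the caller exceeding the budget pays, not other users.
        return 429, {"error": "too many concurrent queries", "retry_after": 1}
    try:
        page, next_offset = store.query_page(run, offset, limit)
        return 200, {"items": [r.text for r in page], "next_offset": next_offset}
    finally:
        gate.release(client)


def demo() -> Tuple[int, int, int]:
    """Constructed scenario: 5,000 Text objects tracked, then queried in bulk."""
    store = TextStore()
    for i in range(5_000):
        store.track("run-1", i, f"text-{i}")
    unbounded = len(store.query_all("run-1"))                    # all 5000 in one response
    _, body = handle_text_query(store, InflightGate(), "attacker", "run-1", limit=10**9)
    bounded = len(body["items"])                                  # clamped to MAX_PAGE_SIZE
    gate = InflightGate()
    for _ in range(MAX_INFLIGHT_PER_CLIENT):                      # fill the client's budget
        assert gate.try_acquire("attacker")
    refused, _ = handle_text_query(store, gate, "attacker", "run-1")   # one more is refused
    return unbounded, bounded, refused


if __name__ == "__main__":
    print(demo())   # (5000, 100, 429)
```

The gate is deliberately non-blocking: a blocking semaphore would still let one client's surplus requests tie up worker threads while they wait, which is the same starvation the advisory describes, just one step removed.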
Details
- CWE(s): CWE-1049 (Excessive Data Query Operations in a Large Data Table), NVD-CWE-Other
Affected Products
- aimhubio/aim 3.25.0
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Aim (aimhubio/aim) is an open-source ML experiment tracking platform used for logging and visualizing AI/ML experiments, including Text objects. It fits 'Other Platforms' because it is neither an ML framework nor a library, and it is not specialised in a single domain such as NLP or computer vision; it is a tool used across AI/ML workflows. The vulnerability was confirmed as AI-related through the AI/ML bug bounty context in which it was reported.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables endpoint denial of service by overwhelming the Aim web server with simultaneous queries on a large number of Text objects, causing resource exhaustion and prolonged unresponsiveness to other requests.