Cyber Posture

CVE-2025-0739

High

Published: 30 January 2025

Modified: 10 October 2025
KEV Added
Patch
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0008 (23.9th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Security Summary

CVE-2025-0739 is an Improper Access Control vulnerability (CWE-284) affecting EmbedAI version 2.1 and below. The issue resides in the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>", where insufficient controls allow manipulation of the SUSCBRIPTION_ID parameter. It has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and changed scope with high confidentiality impact.

An authenticated attacker can exploit this vulnerability by altering the SUSCBRIPTION_ID parameter in the specified endpoint to access and view subscription information belonging to other users. This enables unauthorized exposure of sensitive subscription details without impacting integrity or availability.

The primary advisory is published by INCIBE-CERT, detailing multiple vulnerabilities in EmbedAI, including this issue, available at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai. Practitioners should consult this notice for additional context and recommended mitigations.
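As an added illustration (not EmbedAI's code, whose source is not on this page), the hypothetical handlers below show the missing ownership check behind CVE-2025-0739 next to a hardened version, plus a log check a defender can run to spot one account walking through many subscription IDs; all function names, sample data and log lines are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Subscription:
    id: int
    owner_id: int
    plan: str

# Constructed sample data: two users, each owning one subscription.
SUBSCRIPTIONS = {
    101: Subscription(id=101, owner_id=1, plan="starter"),
    102: Subscription(id=102, owner_id=2, plan="enterprise"),
}

def show_subscription_vulnerable(current_user_id, subscription_id):
    """Hypothetical subscriptions/show/<id> handler with the CWE-284 flaw:
    the caller is authenticated, but never compared to the record's owner."""
    sub = SUBSCRIPTIONS.get(subscription_id)
    if sub is None:
        raise KeyError(subscription_id)          # would map to HTTP 404
    return {"id": sub.id, "plan": sub.plan}

def show_subscription_fixed(current_user_id, subscription_id):
    """Hardened handler: object-level authorization bound to the current user.
    Missing and not-owned ids get the same answer, so existence is not leaked."""
    sub = SUBSCRIPTIONS.get(subscription_id)
    if sub is None or sub.owner_id != current_user_id:
        raise KeyError(subscription_id)          # same 404 for both cases
    return {"id": sub.id, "plan": sub.plan}

# Detection side, over a constructed access-log format "user=<uid> GET <path> <status>".
LOG_RE = re.compile(r"user=(\d+) GET /demos/embedai/subscriptions/show/(\d+) (\d{3})")

def flag_id_walkers(log_lines, threshold=3):
    """User ids that requested at least `threshold` distinct subscription ids;
    one account normally touches only its own few subscriptions."""
    seen = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            seen.setdefault(int(m.group(1)), set()).add(int(m.group(2)))
    return sorted(uid for uid, ids in seen.items() if len(ids) >= threshold)

SAMPLE_LOG = [  # constructed lines, not real EmbedAI logs
    "user=1 GET /demos/embedai/subscriptions/show/101 200",
    "user=1 GET /demos/embedai/subscriptions/show/102 200",
    "user=1 GET /demos/embedai/subscriptions/show/103 404",
    "user=2 GET /demos/embedai/subscriptions/show/102 200",
]
```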

Details

CWE(s): CWE-284

Affected Products: thesamur embedai, versions ≤ 2.1

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: EmbedAI is a tool for creating chatbots, explicitly tagged with 'Artificial intelligence' in the advisory, and provides features like embedding AI chatbots with subscriptions, chats, and files, aligning with Enterprise AI Assistants platforms.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1087.004 Cloud Account Discovery: Adversaries may attempt to get a listing of cloud accounts.
Why these techniques?

CVE-2025-0739 is an improper access control (IDOR) vulnerability in a public-facing web application, enabling exploitation for initial access or post-auth data disclosure (T1190). It facilitates cloud account discovery (T1087.004) by allowing manipulation of the subscription ID parameter to access other users' subscription information.
