cbcvebase.
CVE-2024-12778
published 2025-03-20

CVE-2024-12778: A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are…

PriorityP341high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
0.73%
49.5th percentile
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.

Affected

3 ranges
VendorProductVersion rangeFixed in
aimhubioaimhubio_aimunspecified – latest
aimstackaim
aimstackaim0 – 3.25.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.