CVE-2025-0190
Published 2025-03-20
Priority: P339, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.59% (43.8th percentile)
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aimhubio | aimhubio_aim | unspecified – latest | — |
| aimstack | aim | — | — |
| aimstack | aim | 0 – 3.25.0 | — |
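CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |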
OSV
Aim Excessive Data Query Operations in a Large Data Table vulnerability
osv·2025-03-20
CVE-2025-0190 [HIGH] Aim Excessive Data Query Operations in a Large Data Table vulnerability
GHSA
Aim Excessive Data Query Operations in a Large Data Table vulnerability
ghsa·2025-03-20
CVE-2025-0190 [HIGH] CWE-1049 Aim Excessive Data Query Operations in a Large Data Table vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published