CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0189: Denial of Service in aimhubio/aim

7.5 CVSS

Description

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

Classification

CVE ID: CVE-2025-0189

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-400 Uncontrolled Resource Consumption

Affected Products

Vendor: aimhubio

Product: aimhubio/aim

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.35% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0189
https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e

Timeline

2025-03-20 11:40:51 UTC
CVE

Denial of Service in aimhubio/aim