← volver
CVE-2025-0739

Improper Access Control vulnerability in EmbedAI

CVSS 8.6 HIGHEPSS 0.3%CWE-284
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>".
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Productos afectados
EmbedAI · EmbedAI

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai