CVE-2025-0739

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Jan 30, 2025

CWE ID 284

Summary

CVE-2025-0739 is an access control vulnerability affecting EmbedAI versions 2.1 and below. This issue enables authenticated attackers to access subscription information of other users by tampering with the "SUSCBRIPTION_ID" parameter in the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>". The vulnerability could potentially expose sensitive subscription details, leading to privacy concerns. EmbedAI is advised to address this issue promptly by implementing proper access control measures to prevent unauthorized access to user data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/21sXIt
https://www.cve.org/CVERecord?id=CVE-2025-0739
https://nvd.nist.gov/vuln/detail/CVE-2025-0739

Back to Vulnerability Database

CVE-2025-0739

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations