CVE-2025-0740

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Jan 30, 2025

CWE ID 284

Summary

CVE-2025-0740 is a newly identified access control vulnerability affecting EmbedAI versions 2.1 and below. This issue grants authenticated attackers the ability to obtain chat messages from other users by manipulating the "CHAT\_ID" parameter in the endpoint "/embedai/chats/load\_messages?chat\_id=<CHAT\_ID>". This unauthorized access poses a significant risk to privacy and confidentiality of chat conversations. Attackers could potentially extract sensitive information, leading to potential data breaches. It is strongly advised that users upgrade to the latest EmbedAI version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/21sSB1
https://www.cve.org/CVERecord?id=CVE-2025-0740
https://nvd.nist.gov/vuln/detail/CVE-2025-0740

Back to Vulnerability Database

CVE-2025-0740

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations