CVE-2025-0742
CVSS 3.1 Score 5.8 of 10 (medium)
Details
Published Jan 30, 2025
Updated: Feb 18, 2025
CWE ID 284
Summary
CVE-2025-0742 is an Improper Access Control vulnerability affecting EmbedAI versions 2.1 and below. It allows authenticated attackers to bypass access controls and gain unauthorized access to files belonging to other users. By manipulating the "FILE_ID" parameter in the endpoint "/embedai/files/show/<FILE_ID>", attackers can obtain files that were not intended for their access. This vulnerability poses a significant risk to data privacy and security within EmbedAI environments.
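The missing control described above is an object-level ownership check on the requested file. The following is an added illustration, not EmbedAI code: the in-memory store, the handler names and the sample users are all assumptions. It shows the flawed lookup beside the corrected one, plus a regression check that a file endpoint of this shape should pass.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StoredFile:
    file_id: int
    owner: str
    content: bytes

# Constructed sample data: two users, one file each.
FILES = {
    101: StoredFile(101, "alice", b"alice-notes"),
    102: StoredFile(102, "bob", b"bob-contract"),
}

class NotFound(Exception):
    """Would map to an HTTP 404 in a web handler."""

def show_file_unchecked(session_user: str, file_id: int) -> bytes:
    # Flawed pattern: the session proves the caller is logged in, but the
    # lookup is keyed only on the client-supplied id.
    record = FILES.get(file_id)
    if record is None:
        raise NotFound(file_id)
    return record.content

def show_file_checked(session_user: str, file_id: int) -> bytes:
    # Object-level check: the record must belong to the session's user.
    # Missing and foreign ids raise the same error, so the response does
    # not reveal which ids exist.
    record = FILES.get(file_id)
    if record is None or record.owner != session_user:
        raise NotFound(file_id)
    return record.content

def cross_user_leaks(handler):
    """Regression check: each user requests every file they do not own;
    returns the (user, file_id) pairs where content came back."""
    leaks = []
    for user in sorted({f.owner for f in FILES.values()}):
        for fid, rec in sorted(FILES.items()):
            if rec.owner == user:
                continue
            try:
                handler(user, fid)
            except NotFound:
                continue
            leaks.append((user, fid))
    return leaks
```
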