Vulnerabilities > CVE-2025-0190 - Excessive Data Query Operations in a Large Data Table vulnerability in Aimstack AIM 3.25.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

aimstack

CWE-1049

NVD

Published: 2025-03-20

Updated: 2025-03-28

Summary

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Aimstack Aimstack AIM 3.25.0	1

Common Weakness Enumeration (CWE)

CWE-1049 - Excessive Data Query Operations in a Large Data Table

References

https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70