← Back

CVE-2025-0739

nvd nist
Published: Jan 30, 2025Modified: Oct 10, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>".

Affected (1)

Products: Thesamur: Embedai
Thesamur
1 product
Embedai
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Embedai
Before 2.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: cve-coordination@incibe.es
Third Party Advisory

Timeline

No history available yet.