← Back

CVE-2025-0741

nvd nist
Published: Jan 30, 2025Modified: Oct 10, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message".

Affected (1)

Products: Thesamur: Embedai
Thesamur
1 product
Embedai
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Embedai
Before 2.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: cve-coordination@incibe.es
Third Party Advisory

Timeline

No history available yet.