CVE-2025-0742

Published: Jan 30, 2025Modified: Oct 8, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>".

Affected (1)

Products: Thesamur: Embedai

Thesamur

1 product

Embedai

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thesamur Embedai	Before 2.1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai

Source: cve-coordination@incibe.es

Third Party Advisory

Timeline

No history available yet.