← Back

CVE-2025-0743

nvd nist
Published: Jan 30, 2025Modified: Oct 8, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided by this endpoint includes IP address, userAgent and location of the user that visited the web page.

Affected (1)

Products: Thesamur: Embedai
Thesamur
1 product
Embedai
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Embedai
Before 2.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: cve-coordination@incibe.es
Third Party Advisory

Timeline

No history available yet.