CVE-2025-0745

Published: Jan 30, 2025Modified: Oct 8, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/<SQL_FILE>" endpoint.

Affected (1)

Products: Thesamur: Embedai

Thesamur

1 product

Embedai

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thesamur Embedai	Before 2.1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai

Source: cve-coordination@incibe.es

Third Party Advisory

Timeline

No history available yet.