PT-2025-12306 · Aimhubio · Aim
Published 2025-03-20 · Updated 2025-03-28 · CVE-2025-0190
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
aimhubio/aim version 3.25.0
Description
A denial of service issue exists, where tracking a large number of Text objects and then querying them simultaneously through the web API can cause the Aim web server to become unresponsive to other requests for an extended period. This can be exploited repeatedly, leading to a complete denial of service.
Recommendations
For version 3.25.0, consider restricting access to the web API or limiting the number of Text objects that can be queried simultaneously to minimize the risk of exploitation. As a temporary workaround, consider implementing rate limiting or IP blocking to prevent repeated exploitation.
Exploit
Fix
DoS
Affected Products
Aim