PT-2025-23240 · Cvat · Cvat
Speclad · Published 2025-05-30 · Updated 2025-10-15 · CVE-2025-48381
CVSS v4.0: 5.3 Medium
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Computer Vision Annotation Tool (CVAT) versions 2.4.0 through 2.37.x
Description
The issue allows an authenticated user to retrieve sensitive information, including IDs and names of tasks, projects, labels, and IDs of jobs and quality reports, from a CVAT instance. This can lead to a denial of service if the instance contains a large number of resources, as retrieving this information may consume system resources and deny access to legitimate users.
Recommendations
For versions 2.4.0 through 2.37.x, update to version 2.38.0 to resolve the issue.
Affected Products
Cvat