PT-2025-24547 · Lablup · Lablup'S Backendai
Esteban Tonglet
·
Published
2025-06-09
·
Updated
2025-06-09
·
CVE-2025-49652
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lablup's BackendAI (affected versions not specified)
Description
The issue concerns a missing authentication mechanism in the registration feature, allowing arbitrary users to create accounts that can access private data, even when registration is supposed to be disabled.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lablup'S Backendai