CVE-2025-0743

Name of the Vulnerable Software and Affected Versions EmbedAI versions 2.1 and earlier

Description A control access issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The information provided by this endpoint includes the IP address, user agent, and location of the user who visited the web page. The endpoint "/embedai/visits/show/" is also vulnerable, providing similar information.

Recommendations For EmbedAI versions 2.1 and earlier, consider restricting access to the "/embedai/visits/show/" and "/embedai/visits/show/" endpoints to prevent unauthorized information disclosure. As a temporary workaround, consider disabling the visit functionality until a patch is available. Avoid using the VISIT ID parameter in the affected API endpoint until the issue is resolved.