CVE-2025-0745

Name of the Vulnerable Software and Affected Versions EmbedAI versions 2.1 and earlier

Description An issue with inadequate access control has been identified, allowing an authenticated attacker to obtain database backups by requesting the "/embedai/app/uploads/database/" endpoint. This endpoint is vulnerable, enabling unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not specified. There is no information available about real-world incidents where this issue was exploited.

Recommendations For EmbedAI versions 2.1 and earlier, consider restricting access to the "/embedai/app/uploads/database/" endpoint to prevent unauthorized database backup retrieval until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.