CVE-2025-5321

Опубликовано: 29 мая 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 9.9

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.310492
Permissions Required
VDB Entry
https://vuldb.com/?id.310492
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.580253
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aimstack:aim:*:*:*:*:*:python:*:*

Версия до 3.29.1 (включая)

EPSS

Процентиль: 25%

0.00084

Низкий

6.3 Medium

CVSS3

9.9 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-gp5h-f9c5-8355

CVSS3: 6.3

github

8 месяцев назад

Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution

EPSS

Процентиль: 25%

0.00084

Низкий

6.3 Medium

CVSS3

9.9 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264