Description

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

PUBLISHED Reserved 2025-01-03 | Published 2025-03-20 | Updated 2025-10-15 | Assigner @huntr_ai




HIGH: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Any version: affected

References

huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e

cve.org (CVE-2025-0189)

nvd.nist.gov (CVE-2025-0189)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.