cvedb.io
CVE-2025-0190
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:51.780 · Last modified 2026-06-17T08:26:02.720

Summary

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

Affected products

aimstack — aim

Does this affect you?

Add your gear to cvedb and we'll alert you only when aimstack ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.