CVE-2025-0189

Source
https://cve.org/CVERecord?id=CVE-2025-0189
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0189.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0189
Aliases
Published
2025-03-20T10:10:54.858Z
Modified
2026-07-08T08:11:55.373518854Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of Service in aimhubio/aim
Details

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/0xxx/CVE-2025-0189.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/aimhubio/aim

Affected ranges

Type
GIT
Repo
https://github.com/aimhubio/aim
Events
Database specific
{
    "cpe": "cpe:2.3:a:aimstack:aim:3.25.0:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "3.25.0"
        },
        {
            "last_affected": "3.25.0"
        }
    ]
}

Affected versions

3.*
3.25.0
v3.*
v3.25.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0189.json"