ГлавнаяУязвимости → CVE-2025-0740
8.6высокая

CVE-2025-0740

Описание

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>".

Затрагиваемое ПО
Thesamur Embedai
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Источники
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai