CVE-2025-49653 PUBLISHED

Exposure of sensitive Information allows account takeover

Assigner: HiddenLayer
Reserved: 09.06.2025 Published: 09.06.2025 Updated: 11.06.2025

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8

Product Status

Vendor Lablup
Product BackendAI
Versions Default: unaffected
  • Version * is affected

Credits

  • Esteban Tonglet finder

References

Problem Types

  • CWE-200 Exposure of Sensitive Information to an Unauthorized Actor CWE

Impacts

  • CAPEC-116 Excavation