CVE-2025-5321 – aim

Package

Manager: pip
Name: aim
Vulnerable Version: >=0 <=3.29.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

EPSS: 0.00055 pctl0.17068

Details

Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

Created: 2025-05-29T15:31:09Z
Modified: 2025-06-05T00:34:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-gp5h-f9c5-8355
Finding: F422
Auto approve: 1