CVE-2025-49653 – backend-ai

Package

Manager: pip
Name: backend-ai
Vulnerable Version: =1.0.0 || =1.0.1 || =1.0.2 || =1.1.0 || =1.2.0 || =1.3.0 || =1.4.0 || =18.12.0 || =19.3.0 || =19.3.0a1 || =19.9.0 || =20.3.0 || =20.3.1 || =20.9.0 || =20.9.0a1.dev0 || =21.3.0 || =22.3.0 || >=0 <=25.3.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00059 pctl0.18418

Details

BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

Metadata

Created: 2025-06-09T18:32:17Z
Modified: 2025-06-11T17:57:13.805707Z
Source: https://osv-vulnerabilities
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F038
Auto approve: 1