Home > Vulnerability Database > CVE-2025-0189

Mend.io Vulnerability Database

CVE-2025-0189

Date: March 20, 2025

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

Severity Score

7.5

Related Resources (4)

Url: https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e

Url: https://github.com/aimhubio/aim

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0189

Url: https://www.mend.io/vulnerability-database/CVE-2025-0189

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0189

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?